Member computer choosing wrong domain controller from another site


Hello,

I'm wondering if someone can help me with this.

I have a "PerimeterNetwork" site in which resides an RODC, and a "Default-First-Site-Name" site in which reside 2 RW DCs.

There is a member computer in the "PerimeterNetwork" site that tries to log in to the wrong DC, in the "Default-First-Site-Name" site:

ethernet adapter ethernet0:

   connection-specific dns suffix  . :
   ipv4 address. . . . . . . . . . . : 10.1.4.251(preferred)
   subnet mask . . . . . . . . . . . : 255.255.255.0
   default gateway . . . . . . . . . : 10.1.4.254
   dns servers . . . . . . . . . . . : 10.1.4.252
   netbios on tcpip. . . . . . . . : enabled

c:\users\a...z>set log
logonserver=\\dc1-dom1 <- wrong, this is the RWDC in the other site

It seems to know which site it is in:

c:\users\a...z>nltest /dsgetdc:a.local /account:dc1-ftp$
           dc: \\dc1-rodom1.a.local  <- RODC in the same site, which should be used.
      address: \\10.1.4.252
     dom guid: f1606cd9-ca71-4828-90cd-b17ae3769bea
     dom name: a.local
  forest name: a.local
 dc site name: perimeternetwork
our site name: perimeternetwork
        flags: gc ds ldap kdc timeserv gtimeserv dns_dc dns_domain dns_forest close_site partial_secret ws ds_8 ds_9
command completed successfully

> _ldap._tcp.perimeternetwork._sites.dc._msdcs.a.local
server:  dc1-rodom1.a.local
address:  10.1.4.252

nslookup shows:

_ldap._tcp.perimeternetwork._sites.dc._msdcs.a.local srv service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1-rodom1.a.local
dc1-rodom1.a.local   internet address = 10.1.4.252
>


Under "perimeternetwork._sites.forestdnszones.a.local" there are a number of DCs; I'm not sure whether that's OK!?

> _ldap._tcp.perimeternetwork._sites.forestdnszones.a.local
server:  dc1-rodom1.a.local
address:  10.1.4.252

_ldap._tcp.perimeternetwork._sites.forestdnszones.a.local    srv service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1-dom2.a.local
_ldap._tcp.perimeternetwork._sites.forestdnszones.a.local    srv service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1-dom1.a.local
_ldap._tcp.perimeternetwork._sites.forestdnszones.a.local    srv service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1-rodom1.a.local
dc1-dom2.a.local     internet address = 10.1.3.250
dc1-dom1.a.local     internet address = 10.1.3.251
dc1-rodom1.a.local   internet address = 10.1.4.252
> _ldap._tcp.perimeternetwork._sites.dc._msdcs.a.local
server:  dc1-rodom1.a.local
address:  10.1.4.252

Somehow I can log in to the member computer, but the FTP service running on it does not authenticate users.

Any help is appreciated!


Hi; you may not have an issue at all. Please ensure the client's preferred DNS server in the NIC TCP/IP properties points at the RODC in its site, if the RODC is running DNS. Regardless of whether the remote site DC runs DNS or not, please reboot the problematic remote site client once more, and check the "set log" result again. This is a bit of a legacy command, and it needs an "extra" reboot or two to purge the old DC name and "catch up" to the current name. The more exact way to check which DC authenticated the client is to check the Kerberos cache. If the client system is Windows 10, the "KDC called" at the bottom of each Kerberos ticket will tell you which DC authenticated it. One of the tickets is the one that allowed logon to the client machine. You can check the Kerberos cache with the command:

klist tickets

If the infrastructure is correct, after a client machine reboot or two the "set log" result will correlate with the "klist tickets" command result, the latter being the more accurate command since Kerberos is the default authentication protocol in Active Directory. Additionally, ForestDnsZones should return writeable Active Directory domain controllers running the DNS service, regardless of AD site location.


Best regards, Todd Heron | Active Directory Consultant
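As an added example (not code from the thread or from either poster), the following PowerShell script pulls together the checks discussed in the question and the answer above: the site the client believes it is in, the site-specific `_msdcs` and ForestDnsZones SRV records the poster queried with nslookup, the client's preferred DNS server, the current DC locator result, and the legacy LOGONSERVER value compared against the "Kdc Called" entries in the Kerberos ticket cache. The domain a.local, site PerimeterNetwork and RODC name dc1-rodom1 are taken from the poster's output; the parameter names and the verdict logic at the end are assumptions of this example. Run it on the member computer itself.

```powershell
# Added diagnostic script (not from the thread). Assumed values below are taken from the
# poster's output: domain a.local, site PerimeterNetwork, in-site RODC dc1-rodom1.
param(
    [string]$Domain = 'a.local',      # assumption: the poster's AD domain
    [string]$SiteDc = 'dc1-rodom1'    # assumption: the RODC expected to serve this site
)

Add-Type -AssemblyName System.DirectoryServices

# 1. Which AD site the client believes it is in (equivalent to: nltest /dsgetsite).
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
Write-Host "Client site            : $($site.Name)"

# 2. Site-specific SRV record the DC locator tries first. Only DCs covering this
#    site should be listed here.
$siteRecord = "_ldap._tcp.$($site.Name)._sites.dc._msdcs.$Domain"
$siteDcs = Resolve-DnsName -Name $siteRecord -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { ($_.NameTarget -split '\.')[0].ToLower() }
Write-Host "SRV $siteRecord : $($siteDcs -join ', ')"

# 3. ForestDnsZones SRV record for the same site. As the answer notes, this lists
#    writable DCs running DNS regardless of site, so out-of-site DCs here are expected.
$fdzRecord = "_ldap._tcp.$($site.Name)._sites.ForestDnsZones.$Domain"
$fdzDcs = Resolve-DnsName -Name $fdzRecord -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { ($_.NameTarget -split '\.')[0].ToLower() }
Write-Host "SRV $fdzRecord : $($fdzDcs -join ', ') (informational only)"

# 4. Preferred DNS server(s) on the client. Per the answer, these should point at the
#    in-site RODC if that RODC runs DNS.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { Write-Host "DNS on $($_.InterfaceAlias) : $($_.ServerAddresses -join ', ')" }

# 5. What the DC locator returns right now (equivalent to: nltest /dsgetdc:<domain>).
$located = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().FindDomainController()
Write-Host "Locator result         : $($located.Name) (site $($located.SiteName))"

# 6. Legacy LOGONSERVER variable ('set log') versus the KDC that actually issued the
#    cached Kerberos tickets (the 'Kdc Called:' line of each ticket in 'klist tickets').
$logonServer = ($env:LOGONSERVER -replace '^\\\\', '').ToLower()
$kdcs = klist tickets |
    Select-String -Pattern 'Kdc Called:\s*(\S+)' |
    ForEach-Object { ($_.Matches[0].Groups[1].Value -split '\.')[0].ToLower() } |
    Sort-Object -Unique
Write-Host "LOGONSERVER (legacy)   : $logonServer"
Write-Host "KDC(s) in ticket cache : $($kdcs -join ', ')"

# 7. Verdict. The Kerberos KDC is the authoritative answer; LOGONSERVER may lag behind
#    until the client has rebooted once or twice.
$offSite = $kdcs | Where-Object { $siteDcs -notcontains $_ }
if ($offSite) {
    Write-Warning "Tickets were issued by out-of-site DC(s): $($offSite -join ', '). Check the client's DNS server setting and the site/subnet mapping."
} elseif ($logonServer -and ($siteDcs -notcontains $logonServer)) {
    Write-Host "Kerberos used an in-site DC; only LOGONSERVER is stale. Reboot and re-check 'set log'."
} else {
    Write-Host "Client is authenticating against the expected in-site DC ($SiteDc)."
}
```

The script deliberately treats step 6 as the deciding check: the KDC named in the ticket cache is the DC that actually authenticated the client, while LOGONSERVER and the ForestDnsZones listing in step 3 can both look "wrong" without indicating a site or locator problem.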


