logon server

J

Jim

We have multiple branch offices each with a DC. During
logon sometimes users connect to remote DCs in other
sites. Of course over the WAN links this causes quite a
delay. This happens both with 2000 clients and with
downlevel clients with the DS client installed. The
traffic doesn't seem to be high enough that the servers
would not be able to handle the requests. Any ideas on why
this may be happening and how we can make sure users
connect to the correct DC?
 
M

Mathew Needham

Sorry to ask a question in someone else's conversation but I'm having the
same problem.

So you have to create site and so the subnet thing. I ask because I have
thousands of users and I'm just moving from novel to win 2k and AD.

again sorry to but in and thanks in advance for your input
 
R

Rick

This is an excert from the windows 2000 help file.

Access to a global catalog is required for successful logon attempts. A
global catalog is necessary to determine group memberships during the logon
process. If your network has any slow or unreliable links, enable at least
one global catalog on each side of the link for maximum availability and
fault tolerance.

Another excert with the intruction for turning on GC

To enable or disable a global catalog

Open Active Directory Sites and Services.
In the console tree, double-click the domain controller hosting the global
catalog.
Where?

Active Directory Sites and Services Sites site that contains the domain
controller hosting the global catalog Servers domain controller hosting a
global catalog

Right-click NTDS Settings, and then click Properties.

Select the Global Catalog check box.



Hope this helps

Rick
 
R

Rick

Not a problem Matt. Yes you have to create sites and subnet and then you
link the subnet to the site. As long as you have a GC at the site users
should login to the local DC thus reducing WAN traffic. You can have
multiple subnets at one site you just have to associate all of the subnets
back to the site
 
J

Jimmy Harper [MSFT]

Here are a couple of things you might want to check:

- if the machines are authenticating with the PDCe instead of a local DC,
check this article -
http://support.microsoft.com/default.aspx?scid=KB;EN-US;268518

- enable netlogon logging, then look through the netlogon.log file after a
client authenticates with the wrong DC. To enable netlogon logging, run the
following at a command prompt (Windows 2000 only):

nltest /dbflag:0x2080ffff

Also, the following article gives a good description of how domain
controllers are located in Windows 2000 and some troubleshooting steps:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;247811
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD Sites and Terminal Server Logon 1
LDAP traffic across sites 1
Adding a w2k DC to a w2k3 domain 1
Site link bridges always needed? 2
Loggin to remote DC VS Own Subnet DC 3
Slow AD logon if username longer than 8 chars 16
Worried about DC security at branch offices 1
loggin on AD problem 3

Top