Secondary Domain Controller Not Authenticating Domain Users

Hi.

I have a primary domain controller running Win Srv 2012 in USA, and I added a secondary domain controller 2012 in the same domain from a different location, India, through VPN, so that India user accounts can authenticate by the secondary DC instead of the primary DC in USA.

Installation & replication of AD went fine

India domain users login is damn slow.

When I ran the command echo %logonserver% from an India client machine, it displays the USA primary DC name, which means it's authenticating the users from the USA primary DC.

Preferred DNS for India client machine is Secondary DC IP and alternate is Primary DC IP USA.

Please find the dcdiag results below. Any help is much appreciated.

Performing initial setup:
   Trying to find home server...
   Home Server = server2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: INDIA\server2
      Starting test: Connectivity
         ......................... server2 passed test Connectivity

Doing primary tests

   Testing server: INDIA\server2
      Starting test: Advertising
   Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
   server2.
   SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... server2 failed test Advertising
      Starting test: FrsEvent
         ......................... server2 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after th
         replication problems may cause Group Policy problems.
         ......................... server2 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... server2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... server2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... server2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... server2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... server2 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\server2\netlogon)
         [server2] An net use or LsaPolicy operation failed with error 67,
         ......................... server2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... server2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... server2 passed test Replications
      Starting test: RidManager
         ......................... server2 passed test RidManager
      Starting test: Services
         ......................... server2 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0xA004001B
            Time Generated: 02/22/2015   17:10:30
            Event String: Intel(R) 82574L Gigabit Network Connection
         A warning event occurred.  EventID: 0x000727A5
            Time Generated: 02/22/2015   17:11:24
            Event String: The WinRM service is not listening for WS-Manageme
         An error event occurred.  EventID: 0x0000271A
            Time Generated: 02/22/2015   17:11:24
            Event String:
            The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
         A warning event occurred.  EventID: 0xA004001B
            Time Generated: 02/22/2015   17:12:41
            Event String: Intel(R) 82574L Gigabit Network Connection
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 02/22/2015   17:19:36
            Event String:
            Name resolution for the name mycompany.com timed out after none
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 02/22/2015   17:28:54
            Event String:
            Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
         A warning event occurred.  EventID: 0x000727A5
            Time Generated: 02/22/2015   17:33:35
            Event String: The WinRM service is not listening for WS-Manageme
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 02/22/2015   17:35:54
            Event String:
            Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
         ......................... server2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... server2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValida

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValida

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidat

   Running partition tests on : tst
      Starting test: CheckSDRefDom
         ......................... tst passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... tst passed test CrossRefValidation

   Running enterprise tests on : tst.mycompany.com
      Starting test: LocatorCheck
         ......................... tst.mycompany.com passed test LocatorChec
      Starting test: Intersite
         ......................... tst.mycompany.com passed test Intersite

February 22nd, 2015 7:05pm

It seems that your SYSVOL/Netlogon shares are still not created. You can run \\localhost\ on the new DC to see the local shares. If they are missing then you can simply do a non-authoritative restore: https://support.microsoft.com/kb/2218556?wa=wsignin1.0

Also, please make sure that your AD sites and subnets are well configured: Your DC should belong to the correct AD site and your subnets for your second site should be created and linked to the correct AD site. I have described here how DC Locator process works: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

February 23rd, 2015 3:57am

Firstly, make sure that you have configured sites and subnets correctly. According to your information, you have two locations, so you should have at least 2 sites and 2 subnets associated with them. If you have forgotten to configure the subnets of India in your Sites and Services and assign them to the India site, you will experience this issue. Also make sure that clients in India have appropriate network connectivity to the domain controllers in India.
February 23rd, 2015 6:45am
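The checks suggested in the two replies above (SYSVOL/NETLOGON shares on the new DC, and AD site and subnet assignment), collected into one PowerShell script. This is an added example, not part of the original thread: `server2` and `tst.mycompany.com` come from the dcdiag output, `$ClientIp` is a constructed placeholder, and the script assumes the ActiveDirectory module is available and handles IPv4 subnets only.

```powershell
# Added example: run from the new DC or an admin workstation with RSAT installed.
Import-Module ActiveDirectory

$NewDc    = 'server2'             # new DC, name taken from the dcdiag output
$Domain   = 'tst.mycompany.com'   # domain, name taken from the dcdiag output
$ClientIp = '10.20.30.40'         # placeholder: IP of an affected India client

# 1. Both shares must exist before the DC advertises itself to clients.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    '{0,-9} reachable on {1}: {2}' -f $share, $NewDc, (Test-Path "\\$NewDc\$share")
}

# 2. Which AD site does the new DC's server object belong to?
$dc = Get-ADDomainController -Identity $NewDc
"DC $NewDc is in site: $($dc.Site)"

# 3. Which AD subnet (and therefore site) does the client IP fall into?
#    Compare address prefixes as bit strings; the longest matching prefix wins.
function ConvertTo-BitString([string]$Ip) {
    -join (([ipaddress]$Ip).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

$clientBits = ConvertTo-BitString $ClientIp
$match = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -match '^\d+(\.\d+){3}/\d+$' } |   # skip IPv6 subnets
    ForEach-Object {
        $net, $len = $_.Name -split '/'
        [pscustomobject]@{
            Subnet = $_.Name
            Site   = $_.Site            # distinguished name of the linked site
            Length = [int]$len
            Bits   = ConvertTo-BitString $net
        }
    } |
    Where-Object { $_.Bits.Substring(0, $_.Length) -eq $clientBits.Substring(0, $_.Length) } |
    Sort-Object Length -Descending |
    Select-Object -First 1

if ($match) {
    "Client $ClientIp maps to subnet $($match.Subnet), site: $($match.Site)"
} else {
    "Client $ClientIp matches no AD subnet, so it has no site and may be handed any DC"
}

# 4. Ask the DC locator for a DC in the new DC's site; a DC that is not
#    advertising (as in the failed Advertising test) will not be returned.
nltest /dsgetdc:$Domain /site:$($dc.Site) /force
```

On an affected client, `nltest /dsgetsite` shows the site the client believes it is in, which should agree with the result of step 3.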

This topic is archived. No further replies will be accepted.