Client computer assigned to different dc

Hi,

I have 4 DCs:

Svvm (DC)

VM2(DC)

TestVM1 (DC)

VMRODC (RODC)

and each of them has its own site and subnet. Once I ran the command nltest /dsgetdc:domain.com on VM2, for example, I got that it is assigned correctly based on the subnets, but in DC it is not assigned properly to the right DC and is assigned only to svvm. Any help please, because I still face the same problem.

Result of the command:

C:\Users\mulhimm>nltest /dsgetdc:domain.com
           DC: \\svvm.doman.com
      Address: \\192.168.1.210
     Dom Guid: 9e1f3082-0330-459c-8d6b-6cf457fe240a
     Dom Name: domain.com
  Forest Name: domain.com
 Dc Site Name: DC-main
Our Site Name: VM2-site
        Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
 FULL_SECRET WS DS_8 DS_9
The command completed successfully

September 11th, 2015 12:08pm

Hi

First make sure that the right subnets are already assigned to the DCs: open AD Sites and Services -> Subnets -> right-click a subnet, select Properties -> on the General tab check that the subnet is assigned the right DC.

If it is OK, please check out this forum answer:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/acf39b3c-d929-4a88-a4fe-a0422ec59a37/how-can-i-force-a-client-logon-in-a-different-domain-controller?forum=winserverDS

September 11th, 2015 1:36pm

Hi

Each site has its own DC. The point is the subnet goes fine but is not assigned to the proper DC. I tried with different clients and subnet and still face the same issue; even in the SET command the logonserver is still the same, not changed (svvm).

Regards.

September 12th, 2015 6:08am

Hi

Could you check these links in my previous message:

http://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/

Configure the LdapSrvWeight registry setting on domain controllers to assign a weighted priority for each one:

https://technet.microsoft.com/en-us/library/cc957291?f=255&MSPPError=-2147217396

September 12th, 2015 6:17am

I'm not sure what you're trying to achieve.

As Burak mentioned, you need to assign the subnet of your client to the site you want it to pick a DC from.

You cannot arbitrarily pick a domain controller. This would introduce a single point of failure that the Netlogon service is actually trying to avoid. Now in your case, because you have only one DC per site, you are kinda tricking the system. Even though you cannot point to a specific DC, you can trick the client DCLocator process and make it think it belongs to a different site (for test purposes).

Example: if you are on a machine that belongs to the SVVM site because its subnet is assigned to this site, you are using the DC of the SVVM site. If you modify the registry value called SiteName under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters and set the value to VM2, your machine will now think it is assigned to the VM2 site and therefore use the DC of that site. The change isn't dynamic though. By default, since Windows Vista/Windows Server 2008, Netlogon keeps a cache entry for 12 hours. So your machine will not try to discover a new DC, nor which site it is assigned to, for potentially up to 12 hours (unless the current DC becomes unreachable). If you want to force Netlogon to rediscover a domain controller right now, you can use the same command you mentioned but add the /force parameter:

nltest /dsgetdc:domain.com /force

Also note that you cannot trust the SET LogonServer to determine what DC you are currently using. This is a legacy environment variable that is never updated after the initial logon. The proper way to check is again the command you mentioned: nltest.

September 12th, 2015 12:17pm
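
An added example (not part of the thread and not any poster's code): a PowerShell parser for the nltest /dsgetdc output shown in the first post, reporting whether the located DC is in the client's own site and whether it is writable. The function name ConvertFrom-NltestDsGetDc is hypothetical, and the input is the output posted above, embedded as sample text.

```powershell
# Constructed input: the nltest output posted at the top of this thread.
# On a live machine use instead: $raw = (nltest /dsgetdc:domain.com /force) -join "`n"
$raw = @'
           DC: \\svvm.doman.com
      Address: \\192.168.1.210
     Dom Guid: 9e1f3082-0330-459c-8d6b-6cf457fe240a
     Dom Name: domain.com
  Forest Name: domain.com
 Dc Site Name: DC-main
Our Site Name: VM2-site
        Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
 FULL_SECRET WS DS_8 DS_9
The command completed successfully
'@

# Hypothetical helper: turns the "Key: value" lines into one object.
function ConvertFrom-NltestDsGetDc {
    param([string]$Text)
    $fields  = [ordered]@{}
    $lastKey = $null
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*([A-Za-z ]+?):\s*(.*)$') {
            $lastKey = $Matches[1].Trim()
            $fields[$lastKey] = $Matches[2].Trim()
        }
        elseif ($lastKey -eq 'Flags' -and $line -match '^\s+\S') {
            # The Flags list wraps onto an indented continuation line.
            $fields['Flags'] += ' ' + $line.Trim()
        }
    }
    [pscustomobject]$fields
}

$dc    = ConvertFrom-NltestDsGetDc -Text $raw
$flags = $dc.Flags -split '\s+'

[pscustomobject]@{
    DC         = $dc.DC.TrimStart('\')
    DcSite     = $dc.'Dc Site Name'
    ClientSite = $dc.'Our Site Name'
    SameSite   = $dc.'Dc Site Name' -eq $dc.'Our Site Name'
    CloseSite  = $flags -contains 'CLOSE_SITE'  # reported when the DC is in the closest site
    Writable   = $flags -contains 'WRITABLE'    # not reported by an RODC
}
```
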

I will analyze all the solutions that you provided to me, but I would like to mention what I want to do:

I have VMRODC as a VPN server and I would like to assign any VPN client to a specific site which has an RODC.

I will notify you about any update.

Regards.

September 12th, 2015 5:31pm

Hi, after analyzing my infrastructure again I found that:

1- In the registry I couldn't find the "site name" parameter.

2- In DNS I checked all the SRV records of all the sites and they correctly exist.

Without any complication, I just need to assign the VPN connection to a specific DC and that's it. But what happened after I did the sites and subnets is that once I shut down SVVM, I can ping my domain with the other DCs but I couldn't reach Active Directory. I don't know exactly what happened and whether there is a relation between this problem and the main problem (site problem). Please advise.

Regards

September 14th, 2015 5:06pm
