Windows Server 2000 Domain Controller fault tolerance
Setup:
1 domain
2 sites
2 domain controllers (A & B)
1 DC per site
Each domain controller has DNS installed and all records are correct
Data center has 25 Windows Server 2000 member servers running IIS applications
Our users log in to the web site on the member servers, and our LOB app has to authenticate against the DC in order to assign the user permissions.
Problem: DC (B) failed last night. For one hour, the member servers continued to attempt authentication with the failed DC (B) instead of failing over to DC (A) in the other site. This caused our app to be down for that hour. After about an hour, some of the servers started authenticating with DC (A).
Question: I don't understand why it took so long for some of the servers to fail over to DC (A). Also, most of them took about 60 mins. My research found the CloseSiteTimeout registry entry that can be added to Server 2000. I checked all of the servers and none of them had the registry key, so the timeout did not come from the registry key.
I ran dcdiag and netdiag and all results were good.
Thanks, Jason Odom
January 4th, 2011 2:56pm
This is caused by inter-site replication latency.
You can check the link between the 2 sites.
Regards, MCITP Enterprise Messaging Administrator, MCITP Enterprise Administrator, MCSE, MCDBA
January 4th, 2011 3:45pm
OK. So I'm checking the Inter-Site Transports - Site Link - "Replicate every x mins" setting.
Just for verification: My question is related to the member servers delay in switching authentication requests to the active DC (A) from the non-responsive DC (B).
Thanks
January 4th, 2011 4:12pm
The lack of "fail-over" is not due to replication latency. It's a bit more complicated than that. This will all depend on the application and its ability to use more than one DNS record for locating domain controllers. The application would also have to determine that the resource it is trying to connect to is not available, and then try to connect to another resource from the DNS query results.
If you look at your AD zone, the different directory service related records will have their associated SRV records. So, if your application was looking for an LDAP server, or a resource for Kerberos, etc., the SRV records would be used, rather than the host (A) records. There are also site related SRV records as well. So, if the application is "Directory" aware, it could easily take advantage of the AD Site model. For instance, Exchange and SCCM are examples of Directory aware applications.
Visit: anITKB.com, an IT Knowledge Base.
January 4th, 2011 4:22pm
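The locator behaviour the answer above describes, as an added example that is not code from the original post, from Windows, or from any of the posters: a minimal site-aware DC locator that reads SRV records, orders them per RFC 2782 (ascending priority, weighted random within a priority), tries the site-specific record set (_ldap._tcp.<site>._sites.dc._msdcs.<domain>) before the domain-wide one (_ldap._tcp.dc._msdcs.<domain>), and probes each candidate so a dead DC is skipped instead of being retried. The zone data, the domain example.local, the site name SiteB and the host names dca/dcb are constructed for the example; the probe defaults to a real TCP connect to the LDAP port but accepts any callable so the outage can be simulated offline.

```python
import random
import socket
from collections import namedtuple

# One DNS SRV record (RFC 2782 fields), as a locator would read it from the
# _msdcs subzone of the AD-integrated DNS zone.
SrvRecord = namedtuple("SrvRecord", "priority weight port target")

# Constructed sample zone data (hypothetical names, not from the original post):
# site "SiteB" has one DC (dcb); the domain-wide record set lists both DCs.
SAMPLE_ZONE = {
    "_ldap._tcp.SiteB._sites.dc._msdcs.example.local": [
        SrvRecord(priority=0, weight=100, port=389, target="dcb.example.local"),
    ],
    "_ldap._tcp.dc._msdcs.example.local": [
        SrvRecord(priority=0, weight=100, port=389, target="dcb.example.local"),
        SrvRecord(priority=0, weight=100, port=389, target="dca.example.local"),
    ],
}


def order_by_rfc2782(records, rng=random):
    """Return records in try-order: ascending priority, weighted random within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        while bucket:
            total = sum(r.weight for r in bucket)
            # Pick a point in the cumulative weight; zero-weight buckets fall back to list order.
            threshold = rng.uniform(0, total) if total > 0 else 0
            running = 0
            chosen = bucket[-1]
            for rec in bucket:
                running += rec.weight
                if running >= threshold:
                    chosen = rec
                    break
            ordered.append(chosen)
            bucket.remove(chosen)
    return ordered


def tcp_probe(host, port, timeout=2.0):
    """Liveness check: can a TCP connection to the LDAP port be opened within the timeout?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def locate_dc(zone, domain, site=None, probe=tcp_probe, rng=random):
    """Site-aware locator: try the site's own SRV set first, then the domain-wide set,
    and return the first DC target that answers the probe, or None if none does.
    Each (target, port) is probed at most once, so a DC that is down is skipped
    rather than retried when it shows up again in the domain-wide set."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    tried = set()
    for name in names:
        for rec in order_by_rfc2782(zone.get(name, []), rng):
            endpoint = (rec.target, rec.port)
            if endpoint in tried:
                continue
            tried.add(endpoint)
            if probe(rec.target, rec.port):
                return rec.target
    return None


if __name__ == "__main__":
    # Simulate the outage from the thread: DC B (the local site's DC) is down,
    # DC A in the other site is up. The locator falls through to dca immediately.
    def dcb_down(host, port):
        return host == "dca.example.local"

    print(locate_dc(SAMPLE_ZONE, "example.local", site="SiteB", probe=dcb_down))
```

The point of the example is the failover path: the site-specific set yields only dcb, the probe fails, and the domain-wide set supplies dca on the same call. An application that instead caches the DC name it found earlier, or resolves only the A record of one host, has no such path and keeps hitting the dead server until its own cache or timeout expires.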
Hello Elie Damien,
Like you, a lot of posters mark their own thread as the answer. This isn't what this option is planned for. If your suggestion is also proposed by others, they can use this option to save themselves from writing the same answer.
So, for the future, please do not mark your own answers; this will not help anyone. Thank you for your understanding.
Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
January 4th, 2011 5:17pm