Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Authentication traffic leaving sites
Authentication traffic leaving sites [message #162034] Tue, 13 October 2009 18:38 Go to next message
Kevin  is currently offline Kevin  United States
Messages: 110
Registered: July 2009
Senior Member
I have multiple sites setup that replicate in a hub and spoke type
setup. I have sites setup correctly and each spoke DC is a DNS server
for the local machines. For some reason, some machines in the spoke
offices are authenticated with DC's in the main hub or other spokes.
I don't understand why these workstations are hitting DC's outside of
their sites, which are very minimally taxed. Is this pretty normal?
And is there anything I can do to force these workstations to use
their local DC?

Kevin
Re: Authentication traffic leaving sites [message #162041 is a reply to message #162034] Tue, 13 October 2009 23:49 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Kevin,

Kevin schrieb:
> I have multiple sites setup that replicate in a hub and spoke type
> setup. I have sites setup correctly and each spoke DC is a DNS server
> for the local machines. For some reason, some machines in the spoke
> offices are authenticated with DC's in the main hub or other spokes.
> I don't understand why these workstations are hitting DC's outside of
> their sites, which are very minimally taxed. Is this pretty normal?
> And is there anything I can do to force these workstations to use
> their local DC?

What is the client machine's DNS configuration? Does it point to the
site-local DC? Did you set up Active Directory Sites and Services
correctly so that the client is in the correct subnet as well as the DC
you'd assume the authentication traffic to go to?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Authentication traffic leaving sites [message #162046 is a reply to message #162041] Wed, 14 October 2009 07:12 Go to previous messageGo to next message
Kevin  is currently offline Kevin  United States
Messages: 110
Registered: July 2009
Senior Member
Yes, the workstation's primary DNS server is it's local DC, and I do
have subnets configured correctly for the site. That's why I am so
confused by some machines doing this. If everything is setup
correctly, will it ever venture outside of the site if the server is
available?


On Oct 14, 1:49 am, "Florian Frommherz [MVP]"
<flor...@frickelsoft.DELETETHIS.net> wrote:
> Kevin,
>
> Kevin schrieb:
>
> > I have multiple sites setup that replicate in a hub and spoke type
> > setup.  I have sites setup correctly and each spoke DC is a DNS server
> > for the local machines.  For some reason, some machines in the spoke
> > offices are authenticated with DC's in the main hub or other spokes.
> > I don't understand why these workstations are hitting DC's outside of
> > their sites, which are very minimally taxed.  Is this pretty normal?
> > And is there anything I can do to force these workstations to use
> > their local DC?
>
> What is the client machine's DNS configuration? Does it point to the
> site-local DC? Did you set up Active Directory Sites and Services
> correctly so that the client is in the correct subnet as well as the DC
> you'd assume the authentication traffic to go to?
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog:http://www.frickelsoft.net/blog.
> Maillist (german):http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Authentication traffic leaving sites [message #162054 is a reply to message #162034] Wed, 14 October 2009 13:11 Go to previous messageGo to next message
SubstituteThisWithMyF  is currently offline SubstituteThisWithMyF  Netherlands
Messages: 85
Registered: October 2009
Member
check out the following:
http://blogs.dirteam.com/blogs/jorge/archive/2007/06/30/dc-l ocator-process-in-w2k-w2k3-r2-and-w2k8-part-1.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2007/07/02/dc-l ocator-process-in-w2k-w2k3-r2-and-w2k8-part-2.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2007/07/02/dc-l ocator-process-in-w2k-w2k3-r2-and-w2k8-part-3.aspx

make sure IP subnets, AD sites are configured correctly!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------ ------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------ ------------------------------
#################################################
#################################################
------------------------------------------------------------ ------------------------------

"Kevin" <ksw139@gmail.com> wrote in message
news:69819d74-5f93-4488-a060-a78ebb6248ae@o13g2000vbl.googlegroups.com...
> I have multiple sites setup that replicate in a hub and spoke type
> setup. I have sites setup correctly and each spoke DC is a DNS server
> for the local machines. For some reason, some machines in the spoke
> offices are authenticated with DC's in the main hub or other spokes.
> I don't understand why these workstations are hitting DC's outside of
> their sites, which are very minimally taxed. Is this pretty normal?
> And is there anything I can do to force these workstations to use
> their local DC?
>
> Kevin
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4507 (20091014) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

The message was checked by ESET Smart Security.

http://www.eset.com
Re: Authentication traffic leaving sites [message #162111 is a reply to message #162054] Wed, 14 October 2009 18:22 Go to previous message
Kevin  is currently offline Kevin  United States
Messages: 110
Registered: July 2009
Senior Member
Thanks Jorge! These are great articles!


On Oct 14, 3:11 pm, "Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByD...@gmail.com> wrote:
> check out the following:http://blogs.dirteam.com/blogs/jorge/archive/2007/ 06/30/dc-locator-pr...http://blogs.dirteam.com/blogs/jorge/a rchive/2007/07/02/dc-locator-pr...http://blogs.dirteam.com/b logs/jorge/archive/2007/07/02/dc-locator-pr...
>
> make sure IP subnets, AD sites are configured correctly!
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)-->http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)-->http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------ ---------------­---------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------ ---------------­---------------
> #################################################
> #################################################
> ------------------------------------------------------------ ---------------­---------------
>
> "Kevin" <ksw...@gmail.com> wrote in message
>
> news:69819d74-5f93-4488-a060-a78ebb6248ae@o13g2000vbl.googlegroups.com...
>
>
>
>
>
> > I have multiple sites setup that replicate in a hub and spoke type
> > setup.  I have sites setup correctly and each spoke DC is a DNS server
> > for the local machines.  For some reason, some machines in the spoke
> > offices are authenticated with DC's in the main hub or other spokes.
> > I don't understand why these workstations are hitting DC's outside of
> > their sites, which are very minimally taxed.  Is this pretty normal?
> > And is there anything I can do to force these workstations to use
> > their local DC?
>
> > Kevin
>
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4507 (20091014) __________
>
> > The message was checked by ESET Smart Security.
>
> >http://www.eset.com
>
> __________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com- Hide quoted text -
>
> - Show quoted text -
Previous Topic:AD Delegation Rights to patch DC's
Next Topic:did you have any luck in resolving this issue?
Goto Forum:
  


Current Time: Fri Jan 19 00:45:35 MST 2018

Total time taken to generate the page: 0.03273 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software