Re: Authentication

From: Roger Abell (
Date: 10/25/03

Date: Fri, 24 Oct 2003 23:33:26 -0700

Site1 and Site2 are two DCs of a single domain ?
Or are these only sites (which contain DCs by
whatever other name) ?

Are you sure that you have correctly defined your
sites in AD and that the client has an IP that clearly
places it into a site ?

If Site1 and Site2 are DC names, are you sure that
they are not both registered via SRVs in the site
resource records for the site of the client ?

A client is free to use, for authentication, any DC
of the domain but will first try those that are listed
via SRV resource records for its site, so you really
need to examine the DNS site SRVs.

As for the NTP part of your question:

A domain member will in default settings use the
PDC emulator FSMO of its domain as its time server.
Are you sure that your PDC FSMO exists and is
correctly registring the PDC SRV resource record in

net time /querysntp
is the older interface.

Try at a cmd prompt running
w32tm /once
and read to see what NTP servers it tries.

Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Floyd" <> wrote in message
> People are not authenticating to their local DC as they
> should.  I can log in 2 times in a row and once I will
> authenticate thru site1 and the very next time I will
> authenticate to Site2. ??? In trying to figure this out I
> have run across some information that seems to say that
> part of the issue could be time not working properly.  I
> have noticed some oddities along this line.
> If I do a NET TIME at a DOS prompt it tells me that Site1
> is the main time server
> In the registry of my w/s it tells me that Site2 is my
> NTP server which I assume would be the main time server
> I cannot find anything alluding to an NTP server any
> where configured in the group policies.
> Thanks
> floyd