Re: Authentication

From: Roger Abell (
Date: 10/25/03

Date: Fri, 24 Oct 2003 23:33:26 -0700

Site1 and Site2 are two DCs of a single domain ?
Or are these only sites (which contain DCs by
whatever other name) ?

Are you sure that you have correctly defined your
sites in AD and that the client has an IP that clearly
places it into a site ?

If Site1 and Site2 are DC names, are you sure that
they are not both registered via SRVs in the site
resource records for the site of the client ?

A client is free to use, for authentication, any DC
of the domain but will first try those that are listed
via SRV resource records for its site, so you really
need to examine the DNS site SRVs.

As for the NTP part of your question:

A domain member will in default settings use the
PDC emulator FSMO of its domain as its time server.
Are you sure that your PDC FSMO exists and is
correctly registring the PDC SRV resource record in

net time /querysntp
is the older interface.

Try at a cmd prompt running
w32tm /once
and read to see what NTP servers it tries.

Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Floyd" <> wrote in message
> People are not authenticating to their local DC as they
> should.  I can log in 2 times in a row and once I will
> authenticate thru site1 and the very next time I will
> authenticate to Site2. ??? In trying to figure this out I
> have run across some information that seems to say that
> part of the issue could be time not working properly.  I
> have noticed some oddities along this line.
> If I do a NET TIME at a DOS prompt it tells me that Site1
> is the main time server
> In the registry of my w/s it tells me that Site2 is my
> NTP server which I assume would be the main time server
> I cannot find anything alluding to an NTP server any
> where configured in the group policies.
> Thanks
> floyd

Relevant Pages

  • RE: Nach DC-Entfernung falsche GUID im AD > keine Replikation
    ... Neuen Server mit NEUEM NAMEN per dcpromo integriert ... > Auf der Site1 habe ich DC2 nach Ausfall entfernen und neu aufsetzen müssen. ... > Konnte vorher noch alle FSMO's auf DC1 der Site1 seizen. ... > bevor der Metadata-Cleanup an die Site2 repliziert wurde. ...
  • Best Configuration for multiple sites over intermittent WAN ?
    ... Windows Server 2003/Exchange Server 2003 ... GFI MailEssentials with POP2Exchange periodically connects to Site1 to ... At the moment Site1 and Site2 are connected by a reasonably reliable WAN ... However, this WAN connection is about to get very expensive, so we would ...
  • Re: SMTP Connector
    ... how do the messages from Site1 know about the mail ... server handling the requests in Site2 without actually specifying the it ... specified the email domain of Site2, not the actual mail server. ...
  • Re: VPN and Email between two SBS 2003 sites
    ... the new server and be ahead of the game. ... However your thoughts on 2 SBS networks interfering I ... We have a netgear dg834 modem/router at Site1, would it be a simple case ... just passing the vpn protocols/ports through to ISA 2004 on the sbs server ...
  • Re: Is it possible to prevent a structure into a particular CF (Coupling Facility)?
    ... instance at SITE2 is used in the case of a SITE1 disaster. ... The KSYS does have to be part of the production parallel sysplex and the ... If you are already doing CF duplexing at the production site you would not ...