Re: Can you reset a client connecting to a remote Site DC back to
ed_at_lehigh.com
Date: 02/16/05
- Next message: Altria: "restrict file extensions and size on shared folders"
- Previous message: smc2005: "Connecting two Windows 2000 forests together"
- In reply to: Ryan Hanisco: "Re: Can you reset a client connecting to a remote Site DC back to it's"
- Next in thread: Ryan Hanisco: "Re: Can you reset a client connecting to a remote Site DC back to"
- Reply: Ryan Hanisco: "Re: Can you reset a client connecting to a remote Site DC back to"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 16 Feb 2005 09:21:06 -0800
Ryan,
Thanks for responding, but your response doesn't answer the questions.
I can share new info: an article talks about 100ms being the max wait
time for DCs to respond within the Site for netlogon. Have you heard this?
After that it looks at the generic DNS service records under the _tcp area to
find a DC.
However, if the local Site DCs don't respond within 100ms, but respond
before the remote DCs respond - does it still take the local DC for
authentication?
Also - does the 100ms include latency time or is it pure time from the time
the packet leaves the client?
Finally - going back to the original post - is there a way to force a client
to re-point to a local DC, without a cold reboot or logoff?
Ed
"Ryan Hanisco" wrote:
> Ed,
>
> I suppose you could weight the DCs in the DNS to set up a preferential order
> for their application but I am not completely sure if this would have the
> unintended effect of overriding the "site stickiness". You would want to
> ensure that, when available, the local DCs would be used first. This could
> be effected through very careful planning.
>
> As to the cache length, this would be only tied to the local DNS cache as it
> would be queried to determine the local DC and the next ones to query.
> --
> Ryan Hanisco
> MCSE, MCDBA
> FlagShip Integration Services
>
> "ed@lehigh.com" <ed@lehigh.com@discussions.microsoft.com> wrote in message
> news:E0BA19E3-8ABB-4D4A-906B-98036D7C2E7C@microsoft.com...
> > Hi,
> >
> > Two part question:
> >
> > In W2K AD and I expect W2003 AD, a client computer when logging in tries to
> > use a local Site DC for authentication. If none is available, how does it
> > determine which DC it should authenticate to? The following article
> > explains the process but I wonder if it is completely correct:
> >
> > http://www.windowsitpro.com/Windows/Article/ArticleID/37935/37935.html
> >
> > Our experience has found that the DC selected is not the fastest
> > responding (following network topology). I've read various articles, but
> > still not clear as to how that DC is selected. E.g. is it taking the first
> > 15 DCs in DNS, based on alphabetical order, to ping, to see which one is the
> > closest? If so, is there a way to change this mechanism?
> >
> > Once a client has information about which DC it is using,
> >
> > how long is it cached?
> > does a reboot clear the cache? If not, is there a way to force a client,
> > the next time the user logs in, to go and validate if a DC is available in
> > the Site?
> >
> > Thanks for any input in advance,
> >
> > Ed
>
>
>