Re: Can you reset a client connecting to a remote Site DC back to

From: Ryan Hanisco (rhanisco_at_flagshipis.com)
Date: 02/17/05


Date: Wed, 16 Feb 2005 19:50:07 -0600

1. I am not 100% sure whether it will stop listening for timed out LDAP
pings. Generally, though, if it hasn't responded in 100ms, you have other
problems and really don't want traffic there anyway. Another server would
be more stable, even if it has slower access times.

2. The 100ms is based on the client's timer and does not take latency into
account.

3. When a workstation authenticates, it is not maintaining a session open
with the server constantly. The next time it needs to reference the AD or
generate a token, it will query the DNS again and start the process over.

Hope this helps.

-- 
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
"ed@lehigh.com" <edlehighcom@discussions.microsoft.com> wrote in message 
news:A10EAE99-06F5-465B-92FA-74A1930CAF9B@microsoft.com...
> Ryan,
>
> Thanks for responding, but your response doesn't answer the questions.
>
> I can share new info: an article talks about 100ms being the max wait
> time for DCs to respond within the Site for netlogon. Have you heard this?
> After that it looks at the generic DNS service records under the _tcp area
> to find a DC.
>
> However, if the local Site DCs don't respond within 100ms, but respond
> before the remote DCs respond - does it still take the local DC for
> authentication?
>
> Also - does the 100ms include latency time or is it pure time from the
> time the packet leaves the client?
>
> Finally - going back to the original post - is there a way to force a
> client to re-point to a local DC, without a cold reboot or logoff?
>
> Ed
>
>
>
> "Ryan Hanisco" wrote:
>
>> Ed,
>>
>> I suppose you could weight the DCs in the DNS to set up a preferential
>> order for their application but I am not completely sure if this would
>> have the unintended effect of overriding the "site stickiness".  You
>> would want to ensure that, when available, the local DCs would be used
>> first.  This could be effected through very careful planning.
>>
>> As to the cache length, this would be only tied to the local DNS cache
>> as it would be queried to determine the local DC and the next ones to
>> query.
>> -- 
>> Ryan Hanisco
>> MCSE, MCDBA
>> FlagShip Integration Services
>>
>> "ed@lehigh.com" <ed@lehigh.com@discussions.microsoft.com> wrote in 
>> message
>> news:E0BA19E3-8ABB-4D4A-906B-98036D7C2E7C@microsoft.com...
>> > Hi,
>> >
>> > Two part question:
>> >
>> > In W2K AD and I expect W2003 AD, a client computer when logging in
>> > tries to use a local Site DC for authentication.  If none is
>> > available, how does it determine which DC it should authenticate to?
>> > The following article explains the process but I wonder if it is
>> > completely correct:
>> >
>> > http://www.windowsitpro.com/Windows/Article/ArticleID/37935/37935.html
>> >
>> > Our experience has found that the DC selected is not the fastest
>> > responding (following network topology).  I've read various articles,
>> > but am still not clear as to how that DC is selected.  E.g. is it
>> > taking the first 15 DCs, in DNS, based on alphabetical order, to ping,
>> > to see which one is the closest?  If so, is there a way to change this
>> > mechanism?
>> >
>> > Once a client has information about which DC it is using,
>> >
>> > how long is it cached?
>> > does a reboot clear the cache?  If not, is there a way to force a
>> > client the next time the user logs in, to go and validate if a DC is
>> > available in the Site?
>> >
>> > Thanks for any input in advance,
>> >
>> > Ed
>>
>>
>> 
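
The SRV ordering that "weighting the DCs in the DNS" relies on, as an added example that is not part of the original thread: RFC 2782 priority and weight selection run over constructed records. Hostnames, priorities and weights are invented, and the site-aware part of the Windows DC locator is not modelled.

```python
import random
from collections import namedtuple

# Constructed sample records: hostnames, priorities and weights are invented.
Srv = namedtuple("Srv", "priority weight port target")

RECORDS = [
    Srv(0, 100, 389, "dc1.site-a.example.test"),
    Srv(0, 50, 389, "dc2.site-a.example.test"),
    Srv(10, 100, 389, "dc3.hub.example.test"),
    Srv(10, 0, 389, "dc4.hub.example.test"),
]


def order_srv(records, rng=random):
    """Return records in the order an RFC 2782 client should try them."""
    ordered = []
    # Lower priority value is always tried first; weight only matters
    # among records that share the same priority.
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        # RFC 2782: weight-0 records go first so they keep a small chance.
        group.sort(key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)  # uniform in 0..total inclusive
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def first_choice_share(records, trials=10000, seed=1):
    """Fraction of trials in which each target is the first one tried."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = order_srv(records, rng)[0].target
        counts[first] = counts.get(first, 0) + 1
    return {t: c / trials for t, c in counts.items()}


if __name__ == "__main__":
    for target, share in sorted(first_choice_share(RECORDS).items()):
        print(f"{target}: {share:.1%}")
```

Weight shifts load only between servers of equal priority; a server with a higher priority value is tried only after every lower-valued one has been tried.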

