What you describe is exactly my issue, the desktops are slowly all migrating to 
one DC in the main data center.  With the high speed links between the 
buildings and the server switch plugged right into the core router with a 10GB 
link it makes sense..it is the fastest hop.

My only goal/need here is to spread out the DC load.

I think I will postpone Sunday's redo, and ponder and research this some more.

Much appreciated gang.

________________________________
From: [email protected] [[email protected]] on behalf 
of Charles F Sullivan [[email protected]]
Sent: Friday, March 18, 2016 4:51 PM
To: [email protected]
Subject: RE: [NTSysADM] RE: Help a AD Sites Noob out.

I thought of this immediately at first, but figured it wouldn’t apply to your 
situation. I’m not so sure after re-reading…..

We have a DC, mainly for DR purposes, that is in a satellite data center less 
than a mile away with high speed connections to our main data center here. When 
we first set it up several years ago, most of the AD traffic on the main campus 
ended up going to that DC, apparently just because it’s physically on the main 
campus. We prevented this by changing the weight and priority for the SRV 
records on just that DC.

If you’re not familiar with the process, it’s a simple Registry edit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
REG_DWORD: LdapSrvPriority | REG_DWORD: LdapSrvWeight
We set the priority as “low” as it can go (65535) and the weight as well (0).

This did not stop every bit of client AD traffic, but it gets a very small 
amount compared to the other DCs.
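
The registry change described in the message above, as an added PowerShell example that is not part of the original thread: it writes the two Netlogon values on the DC to be de-preferred, then lists the DC locator SRV records so the advertised priority and weight of every DC can be compared. The function names and the domain `corp.example` are constructed placeholders, and it assumes an elevated session on the DC plus the DnsClient module for `Resolve-DnsName`.

```powershell
# Added example, not from the thread. Run elevated on the DC to be de-preferred.
function Set-DcSrvPreference {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(0, 65535)][int]$Priority = 65535,  # value used in the thread
        [ValidateRange(0, 65535)][int]$Weight   = 0       # value used in the thread
    )
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $current = Get-ItemProperty -Path $key
    $wanted  = [ordered]@{ LdapSrvPriority = $Priority; LdapSrvWeight = $Weight }

    foreach ($name in $wanted.Keys) {
        $old = $current.$name            # $null when the value has never been set
        if ($old -eq $wanted[$name]) { continue }
        if ($PSCmdlet.ShouldProcess("$key\$name", "set '$old' -> $($wanted[$name])")) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $wanted[$name] -Force | Out-Null
        }
    }

    # Netlogon registers the DC's SRV records when it starts, so restart it
    # to publish the new priority and weight.
    if ($PSCmdlet.ShouldProcess('Netlogon', 'restart service')) {
        Restart-Service -Name Netlogon
    }
}

function Get-DcSrvRecord {
    # Lists what DNS currently advertises for DC location in the given domain.
    param([Parameter(Mandatory)][string]$Domain)

    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -DnsOnly |
        Where-Object NameTarget |        # drop the A/AAAA records in the additional section
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
        Select-Object NameTarget, Priority, Weight, Port
}

# Preview the change first, apply it, then audit (placeholder domain):
# Set-DcSrvPreference -WhatIf
# Set-DcSrvPreference
# Get-DcSrvRecord -Domain 'corp.example'
```

Clients that cached the old records keep using them until the TTL expires, so compare the `Get-DcSrvRecord` output before and after rather than expecting an immediate shift.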

From: [email protected] [mailto:[email protected]] On Behalf Of Brian Desmond
Sent: Friday, March 18, 2016 3:11 PM
To: [email protected]
Subject: [NTSysADM] RE: Help a AD Sites Noob out.

So my suggestion here is to not set up any sites. Having all those buildings in 
one big site is probably the most ideal setup here if you have no utilization 
issues and no latency.

Thanks,
Brian Desmond

w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim
Sent: Friday, March 18, 2016 12:40 PM
To: [email protected]
Subject: [NTSysADM] RE: Help a AD Sites Noob out.

Round trip is zero. On Netflix Fridays it might get up to 1ms.

Auth was broke even within buildings.

I will grab the logs and tests if it goes bad again.

From: [email protected] [mailto:[email protected]] On Behalf Of Brian Desmond
Sent: Friday, March 18, 2016 1:31 PM
To: [email protected]
Subject: [NTSysADM] RE: Help a AD Sites Noob out.

What is the latency on these links?

That seems strange, as others have said, that AuthN broke because of this. I’ll 
be curious to see some of the nltest output and/or error logs.

Thanks,
Brian Desmond

w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim
Sent: Friday, March 18, 2016 8:11 AM
To: [email protected]
Subject: [NTSysADM] Help a AD Sites Noob out.

Never paid much attention to sites, but now I am going to.  I have 12 buildings 
with dedicated gig fiber back to one of them where the data center is housed.  
Not a lot of traffic, 10 to 15 percent tops. So never worked with sites to 
control replication or logon traffic.  But now I have a piece of software that 
is doing a fair number of GC lookups and it would seem that my desktops have 
decided over the years to all talk to one DC. There are DCs in each of the 
five buildings, the 7 smaller ones do not have one.

There are currently two all-encompassing subnets, in one site with all the DCs 
in that site.

So yesterday I decided to make sites. Put in all the subnets for all the 
buildings, and created 5 sites each with at least one DC, and put the 
appropriate subnets in those sites.

It went ugly really fast. Authentication broke enterprise wide, Exchange 
couldn’t auth and stopped working.  For the most part if it involved auth it 
broke.

Nuked the sites and subnets and moved it all back to two /16s in one site and 
in about 30 minutes all was well.

What did I do wrong?
