No, no firewalls between the buildings and LANs/subnets.  One big giant happy 
family.

During this I could ping the DCs, I could RDP to them...

From: [email protected] On Behalf Of Christopher Bodnar
Sent: Friday, March 18, 2016 11:02 AM
To: [email protected]
Subject: [NTSysADM] RE: Help a AD Sites Noob out.

I can believe that your replication broke, but for authentication to have 
totally broken seems odd. If a client can’t find a DC to authenticate to in 
its local site, it should keep going outside of its site until it can contact 
a DC. As long as all the SRV records are in DNS and it has connectivity to all 
those DCs, authentication should not have broken. Are there firewall rules in 
place that limit a client to its local site?



From: [email protected] On Behalf Of Kennedy, Jim
Sent: Friday, March 18, 2016 9:11 AM
To: [email protected]
Subject: [NTSysADM] Help a AD Sites Noob out.

Never paid much attention to sites, but now I am going to.  I have 12 buildings 
with dedicated gig fiber back to one of them where the data center is housed.  
Not a lot of traffic, 10 to 15 percent tops. So never worked with sites to 
control replication or logon traffic.  But now I have a piece of software that 
is doing a fair number of GC lookups, and it would seem that my desktops have 
decided over the years to all talk to one DC. There are DCs in each of the 
five buildings; the 7 smaller ones do not have one.

There are currently two all-encompassing subnets, in one site with all the DCs 
in that site.

So yesterday I decided to make sites. Put in all the subnets for all the 
buildings, and created 5 sites each with at least one DC, and put the 
appropriate subnets in those sites.

It went ugly really fast. Authentication broke enterprise wide, Exchange 
couldn’t auth and stopped working.  For the most part if it involved auth it 
broke.

Nuked the sites and subnets and moved it all back to two /16s in one site, and 
in about 30 minutes all was well.

What did I do wrong?
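Added example, not code from anyone in this thread: the site/subnet build-out Jim describes, done in an order that keeps the DC locator working at every step, followed by the checks Christopher's reply asks about (site-specific and site-less SRV records in DNS, and connectivity from a client to every DC). The domain name, site names, subnets and DC names are assumptions for illustration; it assumes the RSAT ActiveDirectory module on the host running it and WinRM access to the DCs for the remote nltest call.

```powershell
# Added example, not from the thread. Builds the site/subnet topology in an order
# that keeps the DC locator working, then checks what the locator can actually
# see. Every name below is an assumption: replace the domain, site names, subnets
# and DC names with the real ones. Requires the RSAT ActiveDirectory module and
# WinRM access to the DCs (for the remote nltest /dsregdns).
Import-Module ActiveDirectory

$Domain = 'corp.example.com'    # assumption: AD DNS domain name
$Sites = @(
    # Buildings without a DC are mapped to the data-center site so every client
    # subnet has a definite site; a subnet in no site gives the client no site.
    @{ Name = 'DataCenter'; DCs = @('DC01','DC02'); Subnets = @('10.0.1.0/24','10.0.6.0/24','10.0.7.0/24') }
    @{ Name = 'Bldg2';      DCs = @('DC03');        Subnets = @('10.0.2.0/24') }
    @{ Name = 'Bldg3';      DCs = @('DC04');        Subnets = @('10.0.3.0/24') }
)

# 1. Sites first, and every new site goes on the existing site link, otherwise a
#    DC moved into a site with no link has no replication path at all.
foreach ($s in $Sites) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
}
$link  = Get-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Properties SitesIncluded
$toAdd = @($Sites.Name | Where-Object {
    $name = $_
    -not ($link.SitesIncluded | Where-Object { $_ -like "CN=$name,*" })
})
if ($toAdd) { Set-ADReplicationSiteLink -Identity $link -SitesIncluded @{ Add = $toAdd } }

# 2. Subnets, each tied to a site. The locator uses the longest matching prefix,
#    so these /24s can coexist with existing /16s that still point at the old site.
foreach ($s in $Sites) {
    foreach ($cidr in $s.Subnets) {
        if (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'") {
            Set-ADReplicationSubnet -Identity $cidr -Site $s.Name
        } else {
            New-ADReplicationSubnet -Name $cidr -Site $s.Name
        }
    }
}

# 3. Move each DC into its site and make Netlogon re-register its SRV records now
#    instead of waiting for its next periodic registration.
foreach ($s in $Sites) {
    foreach ($dc in $s.DCs) {
        Move-ADDirectoryServer -Identity $dc -Site $s.Name
        Invoke-Command -ComputerName $dc -ScriptBlock { nltest /dsregdns | Out-Null }
    }
}

# 4. DNS check. Site-specific records are what a client in that site is handed
#    first; the site-less records are what it falls back to when its own site has
#    no reachable DC. Both sets must exist for the fallback Christopher describes.
function Get-DcSrv([string]$Record) {
    Resolve-DnsName -Name $Record -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV' | ForEach-Object { $_.NameTarget.Split('.')[0] }
}
$siteless = @(Get-DcSrv "_ldap._tcp.dc._msdcs.$Domain")
foreach ($s in $Sites | Where-Object { $_.DCs.Count -gt 0 }) {
    $found   = @(Get-DcSrv "_ldap._tcp.$($s.Name)._sites.dc._msdcs.$Domain")
    $missing = @($s.DCs | Where-Object { $found -notcontains $_ })
    if ($missing) { Write-Warning "Site $($s.Name): no site SRV records for $($missing -join ', ')" }
    else          { Write-Host    "Site $($s.Name): $($found -join ', ') advertised" }
}
$absent = @($Sites.DCs | Where-Object { $siteless -notcontains $_ })
if ($absent) { Write-Warning "DCs missing from site-less SRV records: $($absent -join ', ')" }

# 5. Reachability from this host to every DC it could be handed, on the ports the
#    locator and Kerberos need (Test-NetConnection needs Windows 8 / 2012 or later).
foreach ($dc in $Sites.DCs) {
    foreach ($port in 389, 88, 445) {
        $ok = (Test-NetConnection -ComputerName "$dc.$Domain" -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        if (-not $ok) { Write-Warning "$dc port $port unreachable from $env:COMPUTERNAME" }
    }
}

# 6. Ask the locator itself, bypassing its cache: which site does it put this
#    client in, and which DC does it pick? Error 1355 here means no DC was found.
nltest /dsgetsite
nltest "/dsgetdc:$Domain" /force
```

Run steps 4 to 6 from a workstation in one of the new building subnets, not from a DC: `nltest /dsgetsite` shows whether the subnet-to-site mapping actually lands that client in the intended site, and `/dsgetdc ... /force` shows which DC it is handed after the cache is bypassed. If step 4 reports a site with no site-specific records while its DC is still in the site-less set, clients in that site fall back to the site-less records; if step 5 reports blocked ports, that is the firewall rule Christopher asks about.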
