On Mon, Nov 17, 2008 at 2:52 PM, Joe Heaton <[EMAIL PROTECTED]> wrote: > Don't answer that Michael, I figured it out. The client I looked at, with > the issue, is hitting my secondary DC for auth.
Don't forget, there's really no such thing as a "secondary DC" in AD. All AD DCs are peers. Clients can and will connect to whatever they like, unless you manually force them to particular DC. This detail normally isn't all that important, unless you fall into the trap of thinking "client ... is hitting my secondary DC for auth" is a problem. It seems you have. :) > Possibly an issue with the two DCs talking? If that's the case, you need to get your DCs fixed ASAP. DCs in the same site should be replicated within 15 minutes or so. Check the logs on all the DCs, see what they say. DCs which are not replicating will eventually tombstone all the other DCs, at which point that DC is essentially forever split off from the rest of your network. I think you have something like 60 days before everything gets irrecoverably scrogged. I got called in to clean up that mess once. Was months picking up the pieces. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
