Windows Localisation Logon problem 1

[snipesnab]

Our current setup:

1 Multiple site locations linked by 4 Mb connections - each site has a domain controller which is part of the same domain.
2 Windows 2000 server and XP desktops
3 Citrix server farm at our London site

At each site, when the computer is initially turned on and logged onto they should authenticate against their local domain controller.

However the user then needs to logon to a citrix desktop. The citrix farm is located at our london office. Two domain controllers are located at the london office in the same server room as the citrix farm. Say the user is located at the Manchester office, when they logon to their citrix desktop they are currently authenticated by the domain controller at the Manchester office when we want them to be authenticated by the local London domain controllers (remembering that the citrix farm is located in london office). Surely the citrix user should be authenticated at the london domain controller, but it is being authenticated by the manchester domain controller over the 4 MB link. Does anyone know why this is happening and how I can change it?

The site are all on the same subnet (class c) 255.255.255.0 but the ip address ranges are in the following scheme:
London : 172.16.10.x
Manchester 172.16.11.x
etc etc

Many thanks.

 

[aftertaf]

The site are all on the same subnet (class c) 255.255.255.0 but the ip address ranges are in the following scheme:
London : 172.16.10.x
Manchester 172.16.11.x

they arent on the same subnet.....
the network address isnt the same, so they arent!!

have you correctly setup and configured sites and services to mirror your network topology??

Aftertaf

I just want something I can never have...

 

[snipesnab]

Sites and services have been left as the default setup. Do i need to setup the subnets in sites and services to mirror the subnets of the various sites?

I just ment that all the sites are using the same subnet mask.

Thanks.

 

[aftertaf]

yes, it needs changing...



EG:
-Create a site called london, and one called Manc
-Create a subnet with the correct IP info for each site, and assign the subnet to the site.
-Then move the DCs to their corresponding site.

get back to us if you need more explanations..

Aftertaf

I just want something I can never have...

 

[snipesnab]

thanks, i will be setting it up today and let you know if it solves the problem.

 

[snipesnab]

I have setup the sites and the subnets as follows, but i am not sure that the replication links are setup correctly.

I have created the subnets for each site, the thing i am not sure of is the links that have been created. Do i need to manually create the replication links now that i have manually created the sites? How should the links look on the london servers to the satellite sites and how should the links look at the satellite site servers?

Please view the diagram below:

I have setup 4 sites (star topology):
1. London - which has 2 global catalogue servers
2. Manchester - 1 Active directory server (4MB link to london)
3. Coalville - 1 Active dir server (4MB link to london)
4. Cardiff - 1 active dir server (4MB link to london)

Below is the current setup of the replication links:

Sites-
-London
- servers
-Londonserver1
-NTDS settings
-(from server)Londonserver2;(from site)London
-Londonserver2
-NTDS settings
-(from server)Londonserver1;(from site)London
-Manchester
- servers
-Manchesterserver1
-NTDS settings
-(from server)Coalvilleserver1;(from site)Coalvil
-(from server)Londonserver1;(from site)London
-(from server)Cardiffserver1;(from site)Cardiff
-Coalville
- servers
-Coalvilleserver1
-NTDS settings
-(from server)Manchesterserver1;(frm site)Manchest
-Cardiff
- servers
-Cardiffserver1
-NTDS settings
-(from server)Coalvilleserver1;(from site)coalvil
-(from server)Manhesterserver1;(frm site)Manchest

 

[aftertaf]

looks good on the replication links...

Two things:

1: give it a day or two for the KCC to recalculate the replication paths, it does this automatically..

2: make the DCs in the other sites Global Catalogs too, this is needed for logon reasons (to do with universal group membership etc...)

there is a tool in the resource kit (i think...) called replmon, that will show you graphically what the KCC has setup.

using site links, bridges etc... you can effectively control replication paths....
check out the MS knowledge base and this site:

http://www.petri.co.il/

which is really very well written and explains this technical stuff

Aftertaf

I just want something I can never have...

 

[snipesnab]

I am getting some warnings in event viewer as follows:

The file replication service is having trouble enabling replication from x to y ...

I will read through that site that you sent, hopefully the replication paths will sort themselves out!

Thanks very much for your help, I'll let you know if it works or if it gives any more problems.

 

[aftertaf]

and use replmon too....

it can help see if things are working fine or not.

post which DCs are having trouble replicating to which partners, because those that don't have direct links might need further tuning....

(i'm back on tuesday....)


Aftertaf

I just want something I can never have...

 

[snipesnab]

I have installed replmon and all the links seem to be working fine as far as i can see. I will be monitoring event viewer over the next few days to see if the errors persist.

Thanks very much for your help.