NPS authentication against multiple DCs

  • Question

  • Hi,

    My work infrastructure is as follows:

    DC1.abc.local [primary and first root domain DC]

    DC2.abc.local [secondary DC]

    DC3.xyz.abc.local [primary DC in second domain]

    DC4.xyz.abc.local [secondary DC in second domain]

    NPS01.abc.local [network policy server configured as RADIUS]

    NPS02.abc.local [network policy server configured as RADIUS]

    All of the above servers are virtualized and hosted by two Hyper-V nodes. A couple of days ago a hardware failure happened on one of the nodes and caused the underlying servers to stop for about three hours.

    Based on the remaining servers online, the second NPS, "NPS02", should theoretically work fine without any issue, BUT IT DID NOT.

    My question is: how do NPS servers choose the DC to authenticate a user request? Which logic is used by NPS to choose the DC? Is it random? Is there any way to force a policy server to use a specific DC in the environment?

    Best,

    Shad

    Wednesday, November 12, 2014 7:27 AM

All replies

  • Hi shad,

    NPS doesn't choose the DC. NPS calls the DC Locator Service to locate the DC.

    It should be a question about how a client locates the DC.

    The picture below shows the process of how clients locate the DC.

    For detailed information, please refer to the blog below, Ace has explained the process in detail.

    The DC Locator Process, The Logon Process, Controlling Which DC Responds in an AD Site, and SRV Records

    http://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/

    If you still have a question about how the client locates the DC, to get better help, please post the question on the AD forum below,

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS

    Best Regards.

    Steven Lee

    TechNet Community Support

    Thursday, November 13, 2014 6:07 AM
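
The DC Locator lookup described in the reply above can be checked from the NPS server itself. The following PowerShell is an added example, not part of the original thread: it uses the two domain names from the question and assumes `nltest.exe`, `Resolve-DnsName` and `Test-NetConnection` are available on the NPS server.

```powershell
# Added example: run on NPS01/NPS02 to see what the DC Locator returns.
# Domain names are taken from the question; adjust for your environment.
$domains = 'abc.local', 'xyz.abc.local'
$results = @()

foreach ($domain in $domains) {
    # Ask Netlogon's DC Locator for a DC; /force bypasses the cached result,
    # so this shows which DC would be picked right now.
    $out = nltest "/dsgetdc:$domain" /force 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DC Locator found no DC for ${domain}: $($out -join ' ')"
    } else {
        Write-Host "DC Locator result for ${domain}:"
        $out | Select-String -Pattern '^\s*(DC:|Address:|Dc Site Name:|Our Site Name:)' |
            ForEach-Object { Write-Host $_.Line }
    }

    # List the SRV records the locator chooses from.
    $srvName = "_ldap._tcp.dc._msdcs.$domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup failed for ${srvName}: $($_.Exception.Message)"
        continue
    }

    # Check that each registered DC actually answers on the LDAP port.
    foreach ($record in $srv) {
        $probe = Test-NetConnection -ComputerName $record.NameTarget -Port 389 `
            -WarningAction SilentlyContinue
        $results += [pscustomobject]@{
            Domain      = $domain
            DC          = $record.NameTarget
            Priority    = $record.Priority
            Weight      = $record.Weight
            LdapReached = $probe.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize
```

A DC that is still registered in DNS but shows `LdapReached` as `False`, or a domain for which `nltest` returns an error, points at the locator and DNS rather than at NPS itself.
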
  • Hi Steven,

    Many thanks for your reply.

    Forgive me for the delay.

    All the DCs and NPS servers are located on two Hyper-V nodes at the same site. On a daily basis, error codes 4401 and 4402 can be seen on both NPS servers. There is no special circumstance for them occurring; it happens on a random basis and continues for less than a minute.

    Many thanks

    Thursday, December 18, 2014 7:36 AM
  • Today the same thing happened again, and it says there is no domain controller at the domain, which is not true of course.

    Any idea?

    Many thanks

    Best,

    Shad

    Wednesday, January 14, 2015 7:23 AM