Hi All, # W2K3 DFM - Windows Server 2003 # FFM - Windows Sever Interim. I have the following site topology. Network: Two Core locations(MAN Gbps), on to which are attached 9 backbone locations(155Mbps). Access2 locations are attached to one backbone with a VPN(ISDN\DSL) fallback back to one of the Core locations. DC's are placed only on the core and backbone locations (this is domestic, i.e Germany). There are a total of 872 locations world wide. For the site (objects of type siteLink, subnet and site) information I have a scripted solution. Every network location has a site, and the subnets are allocated at this level enabling us to offer "service location" for DFS and print, i.e I have serverless sites which are "covered" by the relevant DC's on the core and backbone levels. I qualify the clients "site awareness" with nltest /server:XXXXXX /dsgetsite - no problems. I then qualify with nltest /server:DCNAME / dsgetsitecov that the server is "covering" the site with the value from the last query - no problems. These changes have been made before Christmas after a major network project was finished. Before the subnets were allocated at the backbone\core. The first clients since a "frozen zone" are being set up in locations outside of the core but the installation is cutting during the joindomain. The computer account is being created on a DC in one of the core sites, client reboots and tries to establishes a secure channel to its closest DC, as it should but because the repl isn't through no computer account( XP SP2), no ticket -goodbye! To help the client guys and in order to qualify whether or not this is an AD problem I have checked the netsetup.log on the client. Account that is carrying out the joindomain has not been changed and has enough permissions. The joindomain uses the NetBIOS name of the domain but obviously DNS is being used for the joindomain. As far as I am aware once the client discovers there is no DC on its own subnet the dsgetsite api sends an dns query for the SRV _LDAP._tcp.dc._msdcsdomainname, i.e give me a DC that is responsible for the X domain. DC should then inform the client, based upon the IP information that the client belongs to x Site and for this site are X and X DC's are repsonbile. DsGetDcName finds a DC but in this case a DC in the core location, not its closest. Clients already rolled out and belonging to the same site are authenticated by a DC in the correct site. This is puzzling me. I checked the metadata for the computer object which confirmed that whenCreated is beind stamped on a DC which is covering one of the core sites. I don't have any problems on the DC's with regards to overload etc. According to the client guys\rollout team the DHCP scope options have not been changed for the clients. If anyone has any ideas on this one I would appreciate it. Prestaging was my first suggestion but apparently a no no!
Mit freundlichen Grüßen Will Holt ZIT P 5.31 Directory Services C O M M E R Z B A N K A G Mainzer Landstr. 151 D-60261 Frankfurt am Main Tel.: + 49 (0) 69 136 - 41996 Mobile: + 49 (0) 172 6176344 E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>