On Mon, Apr 27, 2009 at 11:42 AM, Daniel Sichel <[email protected]>wrote:
> I cannot find > what > exactly Microsoft is doing even using packet traces, but I did see that > you MUST allow ICMP traffic to the DC > for group policy to happen. Heaven knows why. Learned this one the hardway back when Welchia was a going concern for a virus. Windows Login process pings all DC's that it knows about. The round trip time of the ICMP packet is part of the selection process for DC selection. Windows logon process assumption is no ping, no logon server available.
