Hello everybody,
I am creating a new topic following my first one here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/1b551474-8d04-470f-94a7-08fb2bbd45ff/client-not-authenticating-to-the-right-domain-controller-but-the-site-is-correctly-identified?forum=winserverDS#b23a803c-2640-4cab-bcee-3fcd259b6431
I have an issue with a DC (Win 2003 SP2) that doesn't authenticate the user associated with its website (no subnet overlap, clients retrieve the right AD site, etc.), but the authentication is done to another DC, in another AD site.
I ran this command on a client that has an IP address on the subnet attached to the AD site:
klist query_bind
I have this information regarding my DC attached to this AD site:
#3> RealmName: MyDomain.local
KDC Address: MYDC.MyDomain.local
KDC Name: (null)
Flags: 0x41000 -> WRITABLE_REQUIRED NEXTCLOSEST_SITE
DC Flags: 0xe00001fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
Cache Flags: 0
On other DCs, I have something more like this:
RealmName: ABC
KDC Address: 1.2.3.4
KDC Name: DC_ABC
Flags: 0
DC Flags: 0x8000017c -> GC LDAP DS KDC TIMESERV WRITABLE DNS_FOREST
Cache Flags: 0
I think that's the point but I am not able to decrypt this output for now.
Thank you everybody :)
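
A decoder for the two flag fields in the output above, added here as an example and not part of the original post: it reads the hexadecimal masks rather than the printed names, because a console can wrap a name such as DNS_DC across two lines. The bit values are the Win32 DsGetDcName constants, the sample text is constructed from the entries quoted in the post, and the function names are this example's own.

```python
import re

# Bit values are the Win32 DsGetDcName constants; labels are the ones klist prints.
DC_FLAGS = {0x4: "GC", 0x8: "LDAP", 0x10: "DS", 0x20: "KDC", 0x40: "TIMESERV",
            0x80: "CLOSEST_SITE", 0x100: "WRITABLE", 0x20000000: "DNS_DC",
            0x40000000: "DNS_DOMAIN", 0x80000000: "DNS_FOREST"}
REQUEST_FLAGS = {0x1000: "WRITABLE_REQUIRED", 0x40000: "NEXTCLOSEST_SITE"}

# Constructed sample: the post's two entries, trimmed, with one flag name wrapped.
SAMPLE = """\
#3> RealmName: MyDomain.local
KDC Address: MYDC.MyDomain.local
Flags: 0x41000 -> WRITABLE_REQUIRED NEXTCLOSEST_SITE
DC Flags: 0xe00001fc -> GC LDAP DS KDC TIMESERV CLOSEST_SITE WRITABLE DN
S_DC DNS_DOMAIN DNS_FOREST
RealmName: ABC
KDC Address: 1.2.3.4
Flags: 0
DC Flags: 0x8000017c -> GC LDAP DS KDC TIMESERV WRITABLE DNS_FOREST
"""

def decode(mask, table):
    """Names of the set bits; bits missing from the table are returned as hex."""
    names = [name for bit, name in table.items() if mask & bit]
    unknown = mask & ~sum(table)
    return names + ([hex(unknown)] if unknown else [])

def parse_bindings(text):
    """Split klist query_bind output into one dict per cached KDC binding."""
    entries = []
    for line in text.splitlines():
        key, sep, value = re.sub(r"^#\d+>\s*", "", line.strip()).partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # wrapped tail of a flag list: trust the hex, not the names
        if key == "RealmName":
            entries.append({"realm": value})
        elif key == "KDC Address" and entries:
            entries[-1]["kdc"] = value
        elif key in ("Flags", "DC Flags") and entries:
            table = DC_FLAGS if key == "DC Flags" else REQUEST_FLAGS
            entries[-1][key] = decode(int(value.split()[0], 16), table)
    return entries

def closest_site_report(text):
    """Map each KDC address to whether its locator reply carried CLOSEST_SITE."""
    return {e.get("kdc", "?"): "CLOSEST_SITE" in e.get("DC Flags", [])
            for e in parse_bindings(text)}
```

CLOSEST_SITE (DS_CLOSEST_FLAG) is the locator's indication that the DC is in the client's site; in the quoted output only the first entry carries it.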