This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 13%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
I have a standard DC1 on the main office (subnet 192.168.2.0/24) and a RODC1 on a remote office (subnet 192.168.13.0/24) . The two subnet are connected throw VPN
On Site and Services there is s specific site (for the remote office) and a subnet (192.168.14.0/24) that is linked with the remote RODC. Alo the default-first-site-name is linked with subnet 192.168.2.0/24
On the remote office client if check logonserver values and with systeminfo it always show \DC1
Ip is configured to use RODC1 as dns server but anyway the client try to logon to the DC1.
User and computer acount are added to the allowed RODC password replication group
I read that the main rules for the client to choose the dc is the network distance but this seems to be not applied.
Why this happen? What I have to check or modify? If the VPN goes down the user is not able to login
You could follow along here.
--please don't forget to upvote and Accept as answer if the reply is helpful--
I've followed the article and all seems to be fine. Logonserver shows DC1 but nltest /dsgetdc show the RODC, why?
The %logonserver% variable is not very reliable so as a general rule I'd recommend you ignore it.
--please don't forget to close up the thread here by marking answer if the reply is helpful--
Netdiag in not present in window 10 and not in w server 2016.
Just checking if there's any progress or updates?
--please don't forget to close up the thread here by marking answer if the reply is helpful--