Hi.
Environment:
- I have 2 RWDCs and 1 RODC
- The RODC is in its own site and subnet
- Specific subnets are associated with the RODC
- Clients are in different subnets
- Clients are correctly addressing port 53 DNS to the RODC
Problem:
- Network identification on clients doesn't work as expected -> Private instead of Domain
- The clients should address their requests to the RODC
- 'Netsh trace' while booting shows: Clients spamming UDP 389 CLDAP to RWDCs
  - not one single request to RODC
- Our gateway (hardware-firewall) blocks UDP 389 from the site / subnet to the RWDCs
  - As intended
I tried several things now to fix that problem, among others:
- Editing SRV-Records (increased weight for RODC on its site)
  - btw. the default is added automatically again to the changed ones
- Added SRV-Record "_ldap _udp" for _dc _msdcs on RODC site
- Checked the site-configuration
- more
Should the clients not address their authentication requests over the RODC to the RWDC?
I thought the SRV-Records may cause the problem, because all have default values (priority + weight). Either I made the settings wrong or there is another reason.
Could there be another DNS problem?
Thanks for help, MS Learn Community!
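
The priority and weight edits mentioned in the post, as an added example that is not part of the original question: this sketch orders a set of SRV answers the way RFC 2782 describes (lowest priority value first, weighted random choice among equal priorities). The host names, record values and helper names are constructed for illustration.

```python
import random
from collections import namedtuple

# Constructed sample records; host names and values are hypothetical.
Srv = namedtuple("Srv", "priority weight port target")

DEFAULTS = [
    Srv(0, 100, 389, "rwdc1.corp.example."),
    Srv(0, 100, 389, "rwdc2.corp.example."),
    Srv(0, 100, 389, "rodc1.corp.example."),
]

def with_change(records, target, **fields):
    """Return a copy of records with one target's fields replaced."""
    return [r._replace(**fields) if r.target == target else r for r in records]

def order_targets(records, rng):
    """Order SRV answers per RFC 2782: priority ascending, weighted within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records are placed first so they keep a small chance of selection.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)  # uniform in 0..total inclusive
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:       # first record whose running sum reaches pick
                    ordered.append(group.pop(i))
                    break
    return [r.target for r in ordered]

def first_choice_share(records, target, trials=20000, seed=1):
    """Fraction of orderings in which `target` is the first host to be tried."""
    rng = random.Random(seed)
    hits = sum(order_targets(records, rng)[0] == target for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    rodc = "rodc1.corp.example."
    heavier = with_change(DEFAULTS, rodc, weight=200)
    print("defaults      :", first_choice_share(DEFAULTS, rodc))
    print("RODC weight200:", first_choice_share(heavier, rodc))
```

Raising a weight only shifts the probability of being tried first within one priority level; a strict preference needs the other records to carry a higher priority value. Neither setting affects clients that look up a different SRV name than the one that was edited.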