Our company has a forest with many domains, and we manage only one of the
domains. In our domain we have 3 DCs which replicate with the DCs in the
root domain with no problem. Our DCs and the root domain DCs are in 2
different sites, but in the root domain site we also physically installed
a DC that is part of our domain so some of our users there can log in
locally without traversing the huge geographic distance. We also have a
site-to-site VPN connection from our domain to the root domain.
Here's the problem part:
We are using a web-based application (Plumtree software) hosted in the
root domain that the users from our domain (including our users
physically in the root domain) log on to with their own AD credentials.
When the site-to-site VPN goes down between our sites, though, none of
the users can log on to the web-based program using their AD
credentials, but when the site-to-site VPN is up there's no problem.
Our DC in the root site is using the DNS IPs of the root DCs, and all
servers are Windows 2003 with the latest SPs and updates, etc.
I can also access the website straight through the internet, hosted at
the root of the forest, by logging in with my AD credentials to the
platform with no problem. If I disconnect the site-to-site VPN connection
at work from our domain to the root domain, I get an error logging in.
How is it possible that I can log in right through the internet but not
when the VPN is down? I think what may be the problem is that as I
log in with my AD credentials it tries to authenticate me across the VPN
to our domain, then travels back through the VPN to the root for
authentication. This is defeating the whole purpose of why we
physically put a DC in the root domain site connected to our domain.
How can we make sure that users will be authenticated by the DC in the
root domain and not in our local domain?
Thanks so much in advance for your help!
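One way to check what the poster is asking about, as an added example that is not part of the original post: which DC the Windows DC locator actually returns for the child domain from the root site, and whether the child DC placed in the root site is registered in that site with a matching subnet object. The locator is only site-aware when the caller's IP address falls inside a subnet object mapped to a site, and the DC is only advertised for that site when its server object sits under that site in Sites and Services. Run this on the machine that performs the lookup (with NTLM pass-through authentication that is the web server or the root DC it talks to, not the user's workstation). The domain name, site name and subnet below are placeholders, not values from the post; the ADSI calls work on Windows Server 2003, which has no ActiveDirectory PowerShell module.

```powershell
# Added example, not from the original post. All names are assumptions:
#   child domain  : child.corp.example
#   root-site name: RootSite   (the AD site object holding the root DCs)
#   root-site LAN : 10.20.0.0/16
$ChildDomain = 'child.corp.example'
$RootSite    = 'RootSite'
$RootSubnet  = '10.20.0.0/16'

# 1. Which site does this machine believe it is in?
#    If this prints the child site (or nothing), no subnet object covers its IP.
nltest /dsgetsite

# 2. Which DC does the locator return for the child domain right now,
#    and which site is that DC in? Compare "DC:" and "Our Site Name:" lines.
nltest /dsgetdc:$ChildDomain
# Bypass the cached DC and explicitly ask for one in the root site.
nltest /dsgetdc:$ChildDomain /force /site:$RootSite

# 3. Read subnet -> site mappings straight from the Configuration partition.
$rootDSE = [ADSI]'LDAP://RootDSE'
$cfgNC   = [string]$rootDSE.configurationNamingContext
$subnets = [ADSI]"LDAP://CN=Subnets,CN=Sites,$cfgNC"
foreach ($s in $subnets.Children) {
    $siteDN = [string]$s.siteObject
    $site = if ($siteDN) { ($siteDN -split ',')[0] -replace '^CN=' } else { '(unmapped)' }
    '{0,-20} -> {1}' -f ([string]$s.Name -replace '^CN='), $site
}

# 4. Which DCs are registered under the root site? The DC you installed
#    there must appear here, or clients in that site will not prefer it.
$servers = [ADSI]"LDAP://CN=Servers,CN=$RootSite,CN=Sites,$cfgNC"
foreach ($srv in $servers.Children) {
    'Server in {0}: {1}' -f $RootSite, ([string]$srv.Name -replace '^CN=')
}

# 5. If the root-site LAN has no subnet object, create one mapped to RootSite.
#    Run as a member of Enterprise Admins; replication to all DCs follows.
$siteDN = "CN=$RootSite,CN=Sites,$cfgNC"
$exists = $subnets.Children | Where-Object { ([string]$_.Name) -eq "CN=$RootSubnet" }
if (-not $exists) {
    $new = $subnets.Create('subnet', "CN=$RootSubnet")
    $new.Put('siteObject', $siteDN)
    $new.SetInfo()
    "Created subnet $RootSubnet -> $RootSite"
}

# 6. Re-run the locator after a DC locator cache flush to confirm the change.
nltest /dsgetdc:$ChildDomain /force
```

If step 4 does not list the child DC, move its server object into the root site in Active Directory Sites and Services; if step 1 reports the wrong site, the subnet mapping from step 5 is what was missing. Note that a DC reached over a VPN that is down is also unreachable for the root DCs themselves, so the DC in the root site must be the one they can find for the child domain.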