I'm really struggling with this issue. We have four Domain Controllers (DCs) – two at SiteA and two at SiteB. Each site has its own subnets configured properly in Sites and Services. A server at SiteA can log in without any problems and connects to the correct logon server. However, when trying to apply Group Policy Objects (GPOs), it's unexpectedly contacting SiteB for those settings. We've set up firewalls between SiteA and SiteB, so only the DCs can communicate and no other servers can access each other's sites. I'm at a complete loss. Why would a server from SiteA be reaching out to SiteB for GPO settings?
4 Answers
You might want to copy your configuration and GPOs over to an AI tool to see if it highlights anything. It often finds something that seems illogical, and sometimes it's just one small setting throwing things off.
Are you certain that your subnets are configured correctly? I'm curious about the network setup you have—what's the reason for this configuration?
This seems like it could be a SYSVOL replication issue. Have you checked if the replication is functioning as it should be?
It sounds like there's probably a replication issue. If you're isolating the sites using unroutable subnets, how can you expect the DCs to replicate properly? Also, if the DNS is directing the requests to SiteB, that could explain why SiteA is reaching out there for GPO settings. You should check your site metrics to ensure that your local DC has priority.
I’m 10000% sure the subnets are set up correctly for their respective sites. As for the setup, we need to segregate the sites for policy reasons.