Hello All, I have 3 locations with 2 Domain Controllers. The main location hosts the 1st DC with 1 Exchange Server. The 2nd location was just promoted to be a DC for that site. The 3rd location connects through a PtP dedicated cable connection to the 1st DC and is now having problems with logons. I already enabled the 2nd DC to be a Global Catalog and it is replicating; however, I think that the 3rd location is having problems because it's trying to authenticate to the 2nd DC, which just got promoted. Any help is greatly appreciated. Thx

There should be no route between #2 and #3. This would infer #3 is going to #1 then to #2. This is a bandwidth suck. Properly configure your routers.
The next place to review is your #1 DNS entries. Is #2 running a DNS server? The #3 server and workstations should point to #1 for DNS, NOT the #3 gateway.

I've demoted the DC in site 2 and erased the DNS entry on DC1, and everyone can authenticate to it. Site 3 still can't get to Site 2, but for now it'll be OK because they don't need to go there. I'd like to promote it in the future so that if one site goes down the other one is still up and running. What steps should I take to ensure the individual DC for that site is authenticating for the computers there and not the other 2 sites?

What is your game plan here? Why would you want #2 accessing #3? Aren't all of the resources at #1?
Topology is usually in a star configuration. This means #3 and #2 route to #1. If you do a hybrid, which means #3 can go to #2 via #1, you will need more bandwidth at #1, or you need to provide a separate route line between #3 and #2, making a triangle route.
Given your first post, there should have been no route from #3 to #2, so your conclusion that #2 was authenticating #3 can't be correct.
Did you remember to go into Sites and Services in AD and add the #2 & #3 site subnets?

You're right there. #3 can't access #2, but it seems like it was trying to authenticate to #2.
1) I wanted #2 to authenticate its own site but replicate with #1.
2) #3 authenticates to #1 because it doesn't have a server at its location.
Current state is a star topology. #2 and #3 authenticate to #1. If the #1 DC goes down then there is no authentication anywhere. Also, if any of the links from #3 to #1 and #2 to #1 goes down then that site is down. Thus the DCpromo to #2.
I would also like to put another DC at #1 for backup.

Much better to have two DCs at #1 for AD failover than across a WAN link.
You would put DCs at #2 and #3 to speed up authentication. You would put folders that #2 accesses regularly on #2's DC, and the same for #3.
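
The Sites and Services step raised in the thread (site subnets plus a star of site links) can also be scripted. This is an added example, not something posted by the participants; the site names, subnets and the DC name `DC2` are constructed placeholders, and it assumes the hub DC still sits in the default site `Default-First-Site-Name`.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to edit AD sites.
Import-Module ActiveDirectory

# Constructed placeholders: replace with the real site names and IP ranges.
$hub   = 'Default-First-Site-Name'      # assumption: location #1 uses the default site
$sites = [ordered]@{
    $hub           = '10.1.0.0/16'      # location #1 (hub, DC1 + Exchange)
    'Site2-Branch' = '10.2.0.0/16'      # location #2 (will host its own DC)
    'Site3-Branch' = '10.3.0.0/16'      # location #3 (no DC)
}

foreach ($name in $sites.Keys) {
    # Create the site only if it is missing, then bind its subnet to it.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    $subnet = $sites[$name]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $name
    }
}

# Star topology: one IP site link from the hub to each spoke, none between spokes.
foreach ($spoke in ($sites.Keys | Where-Object { $_ -ne $hub })) {
    $link = "$hub--$spoke"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$link'")) {
        New-ADReplicationSiteLink -Name $link -SitesIncluded $hub, $spoke `
            -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# Only needed if the re-promoted DC landed in the wrong site ('DC2' is a placeholder).
Move-ADDirectoryServer -Identity 'DC2' -Site 'Site2-Branch'

# Verify: subnet-to-site mapping, then (run on a client) its site and the DC it located.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
nltest /dsgetsite
nltest "/dsgetdc:$env:USERDNSDOMAIN"
```

A client whose IP falls in no defined subnet has no site affinity and may pick any DC in the domain. A site without a DC, like #3 here, is covered by the DCs of the site that is closest by site link cost, which in this star is #1.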
