Hello,
to explain our problem, it might be useful to first give you a quick overview of our infrastructure:
Exchange 2016 DAG (4 Exchange nodes in total)
2 Domain Controllers (each W2k19) on-site
As mentioned, we have two Global Catalog Domain Controllers in the same AD site with the names dc01 and dc02. Our so-called "CurrentConfigDomainController" (Get-ExchangeServer -Status | select Name, CurrentConfigDomainController) on each Exchange node is "dc01.domain.local". All Outlook clients are connecting via NTLM.
If we restart the second Domain Controller (dc02.domain.local), there is no problem at all. But if we restart the "CurrentConfigDomainController" (in this case dc01.domain.local), a large number of Outlook users get a login prompt. The event logs of the corresponding Exchange nodes don't show any errors - just the normal "current dc not available, switch to second dc" messages.
So the basic question is: Why do the users get this login prompt and is there a chance to solve this?