Dear Forum members,
I am a bit stuck with the following issue:
We have several sites which are all connected via VPN to the HQ. We have DCs at each site, but the PDC is located at the HQ. When there is a VPN connection and the PDC is reachable, everything is fine: NLA identifies the network as it's supposed to. The problem arises when, for whatever reason, there is no VPN connection at all. In this case, even though we have DCs locally plus Exchange servers, NLA fails to authenticate, which basically causes the whole site to stop working, as there is no domain authentication: no file shares, no printing, no Outlook.
I learned that a so-called LDAP UDP ping is supposed to be operating with the PDC, so NLA works correctly only if it's reachable, but is there any workaround to bypass this? I mean, as a site having a DC, I should be able to authenticate and use the services which are on my site. Is this the expected and normal behaviour, or am I missing something here? If this is supposed to work like this, then it's a huge bottleneck ://
Environment is Windows Server 2016 + Windows 10 LTSC.
Thanks
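As an added diagnostic example (this is not part of the original post and not something the poster ran): a PowerShell script to capture, on an affected client or member server during a VPN outage, what NLA currently reports for each interface, which DC the DC Locator selects, and whether the site-local DCs and the PDC emulator answer on the LDAP (389) and Kerberos (88) ports. The domain and site names are discovered at runtime, and the parsing of `nltest` output assumes the line format `DC: \\<name>` that Windows Server 2016 / Windows 10 print.

```powershell
# Added diagnostic script, not from the original post. Run in an elevated
# PowerShell on an affected machine while the VPN is down. Uses only nltest,
# DNS SRV lookups and Test-NetConnection; no RSAT modules are required.

$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$site   = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
Write-Host "Domain: $domain   Site: $site"

# 1. NLA's current verdict per interface. 'DomainAuthenticated' is the expected
#    category on a domain member that can reach a DC.
Write-Host "`n== NLA network profiles =="
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity |
    Format-Table -AutoSize

# 2. Which DC the locator picks right now (forced rediscovery, ignoring cache).
Write-Host "== DC Locator result =="
nltest /dsgetdc:$domain /force

# 3. Try to locate the PDC emulator specifically. With the VPN down this is
#    expected to fail (status 1355, "no such domain"), which is the point
#    of the test: the locator can still find site-local DCs even then.
$pdc = $null
foreach ($line in (nltest /dsgetdc:$domain /pdc 2>$null)) {
    if ($line -match 'DC:\s*\\\\(\S+)') { $pdc = $Matches[1]; break }
}

# 4. Site-local DCs advertised in DNS for this site (the assumed SRV record
#    name follows the standard _msdcs layout).
$siteDcs = Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget

# 5. Probe LDAP and Kerberos on each candidate DC.
function Test-DcPorts {
    param([string]$Dc, [string]$Role)
    foreach ($port in 389, 88) {
        $ok = Test-NetConnection -ComputerName $Dc -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Role = $Role; DC = $Dc; Port = $port; Reachable = $ok }
    }
}

$results = @()
foreach ($dc in $siteDcs) { $results += Test-DcPorts -Dc $dc -Role 'SiteLocal' }
if ($pdc) {
    $results += Test-DcPorts -Dc $pdc -Role 'PDC'
} else {
    Write-Warning "PDC emulator could not be located from here (expected while the VPN is down)."
}

Write-Host "`n== Port reachability =="
$results | Format-Table -AutoSize

# Optional: force NLA to re-evaluate the profile after connectivity changes.
# Restart-Service NlaSvc -Force
```

Reading the output: if the site-local DCs show `Reachable = True` on both ports while NLA still reports `Public` or `Private` and the PDC is unreachable, the local DCs are fine at the network level and the profile problem lies in NLA's domain detection rather than in DC availability; if the SRV lookup returns nothing for the site, the client is not being steered to its local DCs by DNS at all, which is a separate issue to fix first.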