How to determine domain controller used for authentication

Solution 1:

To answer your second question first:

Since you're still using NTLM, reading about the flow of NTLM in a multi-domain environment might help you out a bit with this. IIS will contact a Domain Controller (DC) in its domain, which will in turn contact a DC in the trusted domain.

The trusting DC does a DNS lookup against the trusted domain's name and sends LDAP and NetBIOS requests to all the DCs returned by that query. The first one that responds "wins". That's likely why you're seeing some non-determinism in this process. You could influence this process by monkeying with DNS.

Locating the authenticating DC is going to be a matter of either capturing the authentication traffic, or watching the Security Event Log of all the DCs where the authentication could be occurring.
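One way to do the log-watching side of this, as an added example that is not part of the original answer: a PowerShell script that reads the Security log on every DC of the trusted domain and reports which of them recorded NTLM credential validation (Event ID 4776) or a logon (Event ID 4624) for the account in question. It assumes the ActiveDirectory RSAT module, remote Security-log read rights on each DC, and that credential-validation and logon auditing are enabled there.

```powershell
# Added example, not from the original answer. Assumes: ActiveDirectory RSAT module,
# Security-log read rights on each DC, and 4776/4624 auditing enabled on the DCs.
param(
    [Parameter(Mandatory)][string]$Domain,   # trusted domain that holds the account
    [Parameter(Mandatory)][string]$Account,  # sAMAccountName to trace
    [int]$Minutes = 30                       # how far back to search
)
Import-Module ActiveDirectory

# Every DC the trusting DC could have reached ("first to respond wins").
$dcs = Get-ADDomainController -Filter * -Server $Domain |
    Select-Object -ExpandProperty HostName

$filter = @{
    LogName   = 'Security'
    Id        = 4776, 4624   # 4776: NTLM credential validation; 4624: successful logon
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}

$hits = foreach ($dc in $dcs) {
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                # Pull the EventData fields out of the event XML by name.
                $xml  = [xml]$_.ToXml()
                $data = @{}
                foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
                if ($data['TargetUserName'] -ieq $Account) {
                    # 4776 names the requesting workstation; 4624 carries the source IP.
                    $source = if ($_.Id -eq 4776) { $data['Workstation'] } else { $data['IpAddress'] }
                    [pscustomobject]@{
                        DC      = $dc
                        Time    = $_.TimeCreated
                        EventId = $_.Id
                        Package = $data['PackageName']   # authentication package (4776)
                        Source  = $source
                        Status  = $data['Status']        # 0x0 means success on 4776
                    }
                }
            }
    } catch {
        Write-Warning "Could not read the Security log on $dc : $_"
    }
}

# The DC(s) listed here are the ones that actually validated the account.
$hits | Sort-Object Time | Format-Table -AutoSize
```

Run it as `.\Find-AuthDC.ps1 -Domain trusted.example -Account jdoe` shortly after a test logon; a DC with no matching 4776 rows in the window is one the request never reached.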