[If you missed to read part-1 of this article, read it from here]
In part-2, I am going to cover the steps taken by a windows XP computer when the DC it cached goes down. As said earlier, XP caches DC name intially and supplies the DC name to applications that are requesting for it. Also netlogon process frequently checks for the availability of cached DC by doing a LDAP ping. If it finds that cached DC is down, it tries to get another available DC by using /force discovery flag(see nltest help). In this case it may go to a DC which is sitting in other AD site if no local DCs are available. But what I observed is, in some of the cases netlogon is not trying to force rediscover even if the cached DC is down. I guess it has some schedule and it is waiting for it. In this case one can restart netlogon service or use nltest /dsgetdc:domainname.com /force command to refresh the DC list. So now XP is happy that it got another available domain controller at the cost of slow access(because it is in remote site connected by wan links). But remember that XP will not switch automatically to local DC when local DC becomes online again. The netlogon refresh everytime finds the DC(remote one) it cached is available and will not try for force discovery. The XP can get local DC only if either Remote DC it connected goes down or when XP machine is rebooted.
I did some discussion on netlogon behavior in one of the forum and a guy has written to a tool to address the situation where in netlogon fails to get new DC when the cached DC goes down. You can download this tool from here.
Please refer to http://www.petri.co.il/forums/showthread.php?t=31534 for more details.
Happy learning…,
Sitaram Pamarthi