I am having issues with win2k clients authenticating across my wan vs. to their local DC. Environment: 1) All servers and clients SP3. 2) Main office with 4 DCs and FSMO roles. 3) Two remote sites with a single DC at each remote site. 4) AD integrated DNS running on 3 DCs one at each site and clients point to local DNS/DC then across WAN to main site DNS server. 5) Each DC is located in its correct site with the correct subnet assigned to the site. 6) File and AD replication works fine. A while ago I changed our Win2k environment to includes sites and subnets so that remote win2k clients would log into there local DC. This all seemed to be working fine. We then moved buildings that one of our remote sites was located in. After that move the clients are back to authenticating across the wan to our main office from that moved site. At first I thought that the site DC was not authenticating at all but it does sometimes authenticate users but most of the times it doesn't (out of 8 PCs at that site all but 1 authenticate across the wan). Checks: 1) I checked the event logs on the troublesome site and all appears fine. 2) I checked DNS and all appears fine. I checked from clients as well. 3) I ran dcdiag and all tests pass. 4) I ran nltest /dclist:domanname and it showed all domain controllers in the correct sites. Does anyone have any ideas why the clients won't authenticate to the local DC? Is there anyway to force the clients to a preferred DC? I am drawing a major blank at the moment and any help would be most appreciated. Matthew Shrewsbury Network Administrator