How can I force BCAAA to connect to a specific domain controller?
search cancel

How can I force BCAAA to connect to a specific domain controller?


Article ID: 165842


Updated On:


ProxySG Software - SGOS


In the event of multiple domain controllers for a given domain, if sites and services is not configured for a given site, any Windows workstation will create a secure channel with a random domain controller in the domain.
This may introduce latency if the domain controller is across the WAN.
Also it may be desirable to have BCAAA establish a secure channel with a specific domain controller to minimize impact on actual logons.
Is it possible to accomplish this?



The NLTEST utility from Microsoft will need to be placed on the Windows workstation or server hosting the BCAAA agent.  This utility is a part of Windows 2003 support tools.  The tools can be downloaded from:


For a list of all the available command line parameters, please run nltest /? from the command line.  Three specific command line parameters will be used.  They are:


nltest /sc_query:<domain name>     This displays which domain controller the secure channel currently is connected to.

nltest /dclist:<domain name>   This displays all available domain controllers by hostname.

nltest /SC_RESET:<domain name>\dcname    This resets the secure channel to the domain controller (DC) specified.


After using nltest /dclist:<domain name> to obtain the list of DC's, use the nltest /sc_reset command to force the secure channel to the desired DC.  Note:  This channel will reset when the Windows server is rebooted.  If you want to force the server where the BCAAA agent resides to a particular DC, create a Windows startup script to force the sc_reset command on bootup.