From SGOS 6.5.2.x onwards, IWA-Direct supports the option of providing a “Preferred” and an “Alternate” Domain Controllers to which proxy will open Schannel Connections for NTLM Credential Validation.

Whenever the “Preferred” DC is online, ProxySG will use it to process the NTLM requests. If it is not online, then the SG will use the alternate DC. When the Preferred DC comes back online, Proxy will switch back to it. If both Preferred and Alternate DCs are not online, Proxy will fall back to the normal DC selection method based on the LDAP Ping response.

1. From the ProxySG Management Console, select Configuration > Authentication > Windows Domain > Windows Domain.

2. Select a domain in the Domains list and click Edit.
Note: Domain controller options are for NTLM authentication only

3. Enter the preferred controller in the Preferred domain controller text box.

4. Enter an alternate domain controller in the Alternate domain controller text box.

The alternate domain controller is used if the preferred domain controller is not available.