Logon server assignment

Which logon server is responsible

How does a client in a domain find its logon server?

When a client has just become a member of a domain, it asks its primary DNS server during startup which domain controllers are available. The client's site is already known at this point.

The first query is:

_ldap._tcp.ESSEN._sites.dc._msdcs.BSCORE.LOCAL *

The DNS server response includes a list of all domain controllers assigned to its site.

The client contacts the domain controllers of its site in order. If a DC responds, it becomes the client's primary logon server.

If the client does not get an answer from any DC in its site, it must assume that they are offline.

The client now asks the domain for a DC.
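The lookup sequence described above, modelled in Python as an added example (not code from the original page or from Microsoft), together with an audit check that lists SRV targets missing from a DC inventory. Assumptions: the DC host names and the inventory are constructed; the domain-wide name `_ldap._tcp.dc._msdcs.<domain>` is the standard Netlogon SRV record name; ordering within a priority is simplified to highest weight first.

```python
from typing import Callable, Iterable, NamedTuple, Optional

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def srv_name(domain: str, site: Optional[str] = None) -> str:
    """SRV owner name: site-specific when a site is given, otherwise domain-wide."""
    scope = f"{site}._sites." if site else ""
    return f"_ldap._tcp.{scope}dc._msdcs.{domain}"

def ordered(records: Iterable[Srv]) -> list:
    """Lowest priority first, then higher weight; ties keep DNS answer order.
    Simplification: RFC 2782 selects randomly in proportion to weight."""
    return sorted(records, key=lambda r: (r.priority, -r.weight))

def locate_dc(domain, site, resolve: Callable, is_alive: Callable):
    """Model the client: try the site's DCs in order, then the whole domain's.
    Returns (target, scope), or (None, None) if no DC answers."""
    for scope, name in (("site", srv_name(domain, site)), ("domain", srv_name(domain))):
        for rec in ordered(resolve(name)):
            if is_alive(rec.target):
                return rec.target, scope
    return None, None

def unexpected_targets(domain, site, resolve: Callable, known_dcs: set) -> list:
    """Audit check: SRV targets a client could be sent to that are not in the inventory."""
    seen = {r.target.rstrip(".").lower()
            for name in (srv_name(domain, site), srv_name(domain))
            for r in resolve(name)}
    return sorted(seen - {d.lower() for d in known_dcs})

# Constructed zone data: host names are hypothetical, not from the page.
SITE_DCS = [Srv(0, 100, 389, "dc-essen1.bscore.local"),
            Srv(0, 100, 389, "dc-essen2.bscore.local")]
ZONE = {
    srv_name("BSCORE.LOCAL", "ESSEN"): SITE_DCS,
    srv_name("BSCORE.LOCAL"): SITE_DCS + [Srv(0, 100, 389, "dc-hq1.bscore.local"),
                                          Srv(0, 100, 389, "dc-tmp9.bscore.local")],
}
KNOWN_DCS = {"dc-essen1.bscore.local", "dc-essen2.bscore.local", "dc-hq1.bscore.local"}

def resolve(name: str) -> list:
    """Stand-in for the DNS query; returns the constructed records for that name."""
    return ZONE.get(name, [])

if __name__ == "__main__":
    site_down = lambda host: "essen" not in host   # simulate the ESSEN site offline
    print(locate_dc("BSCORE.LOCAL", "ESSEN", resolve, site_down))
    print(unexpected_targets("BSCORE.LOCAL", "ESSEN", resolve, KNOWN_DCS))
```

Replacing `resolve` with a real SRV lookup and `is_alive` with a reachability probe turns the same logic into a check of which DC a given client would end up on.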

The second query is:


Preferred logon server

There is currently one weak spot in the Netlogon negotiation algorithm (AES-CFB8):

Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)

Netlogon Remote Protocol:

[MS-NRPC] CVE-2020-1472

