Need some help on authentication. Noticed in the our logs that user1 has a ton of Kerberos pre-auth failures. User1 has a bad password. However when I look at the logs more closely, I'm a little confused on the events.
User1 is authenticating against DC2. I see a second authentication attempt from DC2 against DC1 for User1. DC1 and DC2 belong to the Kerb Realm. Why is auth going from DC2 to DC1? Why isnt the auth happening on DC2?