We have an AD Domain with two sites and 6 domain controllers. Four of the DCs are in our primary site and 2 are in our secondary site and they are a mixture of 2003 and 2008 machines. As far as I can tell our sites are set up properly with the correct subnet associations and all that.
Our problem is that we constantly have users in our main site that wind up authenticating against the DCs in the remote site which slows things down quite a bit. I thought proper site configuration was supposed to prevent this. Am I missing something? Do we have something configured wrong?
It's possible that your local DCs aren't responding fast enough. Try running KCC, dcdiag, netdiag, nltest on your local DCs and see if something is bad.
It's also possible that the Sites and Subnets config isn't correct, which would cause what you're seeing. You say you think they're correct though; since we can't see it, I couldn't say.
Edit - Spiff gets to the point. The subnet(s) that contain the HQ clients have to be associated with the site that is also associated with subnet(s) that contain the HQ DCs. If they are in the same subnet, then there's something weird going on.
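The subnet-to-site association described in the answer above can be checked offline. This is an added example, not part of the original post: it applies most-specific-subnet matching to client addresses and flags clients that resolve to the wrong site or to no site at all. The subnet list, the site names (`HQ`, `Remote`) and the client IPs are constructed sample data standing in for an export from Active Directory Sites and Services.

```python
import ipaddress

# Constructed sample data (assumption): subnet objects and the site each is linked to.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.2.0.0/16": "Remote",
    "10.1.40.0/24": "Remote",  # stale, more specific entry that overrides the HQ /16
}

# Constructed sample data (assumption): addresses of clients physically at HQ.
HQ_CLIENTS = ["10.1.5.20", "10.1.40.7", "192.168.9.9"]


def site_for_ip(ip, subnet_to_site):
    """Return (site, subnet) for the most specific subnet containing ip, else (None, None)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            # The longest prefix wins, so a narrow subnet overrides a broad one.
            if best is None or net.prefixlen > best[1].prefixlen:
                best = (site, net)
    return (best[0], str(best[1])) if best else (None, None)


def audit_clients(clients, expected_site, subnet_to_site):
    """List clients whose address does not resolve to expected_site."""
    findings = []
    for ip in clients:
        site, subnet = site_for_ip(ip, subnet_to_site)
        if site is None:
            # No site means the client can be handed any DC in the domain.
            findings.append((ip, None, None, "no subnet object covers this address"))
        elif site != expected_site:
            findings.append((ip, site, subnet, f"mapped to {site}, expected {expected_site}"))
    return findings


if __name__ == "__main__":
    for finding in audit_clients(HQ_CLIENTS, "HQ", SUBNET_TO_SITE):
        print(finding)
```
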