thank you for providing further details.
I would recommend to check client logs at location A first. For Windows machines please navigate to: Event Viewer > System logs. Search for logs with Level: Error and Warning. Ideally do the same for multiple clients facing the same issue at location A to find a common pattern.
I would also recommend to check logs on Domain Controller side at location B. On Domain Controller side, navigate to: Event Viewer > Applications and Services Logs. By default Active Directory records only Critical and Error events. If you want to enable lower severity logs for diagnostics, you can refer to this guide: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-ad-and-lds-event-log...
On Firewall side, I would check Traffic logs in both locations A and B. I would recommend to narrow down search by filtering Traffic Logs for IP addresses of clients having an issue and Domain Controllers. If there is no deny logs indicating policy is blocking traffic, please add columns Bytes Sent and Bytes Received to confirm that there is a bidirectional communication that Domain Controller is responding to clients. Samples are below:
Based on result of findings in Client/Domain Controller Logs + Firewall Traffic Logs, I would set next course of action. If you still can't find anything conclusive as a next step I would recommend to install DCDiag on one of the machine: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc...
I hope this helps with troubleshooting.
Kind Regards
Pavel
