If your users are managed in your Active Directory store you might encounter a connection issue when setting up ArcGIS Server Security. This article explains why it happens and how to prevent it.
You may see a message similar to this: "Could not connect to the identity store as one or more of the connection parameters is incorrect. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters. [IP Address]:3268"
To understand how ArcGIS Server connects to your identity store please read this help article first.
To elaborate on that help article: When GIS tier authentication is set you are hitting the domain controller with the user credential you have entered in the Security Configuration Wizard in ArcGIS Server Manager.
The domain controller which this user credential has been set to hit is also where ArcGIS Server will go to verify the user. But if you have multiple domain controllers this might be different to the master domain controller.
To ensure that the master domain controller is always hit, ensure that it’s IP address is set through the ArcGIS Server Administrator Directory as per step 3 of the help article (see below)
As Web tier authentication takes the credentials from your Web Server this is already likely to be set up to hit the master domain controller.