Mark Minasi's Reader Forum
 problem with caching credentials on rodc
gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 06:45:28 AM
I have one site with one domain, my.domain. In the domain I have an RWDC on subnet 192.168.0.0/24 and an RODC on subnet 192.168.3.0/24. I installed the RODC successfully and set up replication between the RWDC and the RODC, but I have a problem when, on the RWDC, I go to rodc/properties/password replication policy/advanced/accounts whose passwords are stored on this rodc and try caching passwords/prepopulate passwords for a user who is in the group allowed to access the RODC. I receive this error:

Passwords of none of the accounts could be prepopulated. The following error was encountered: The specified server cannot perform the requested operation.

I used:
C:\Users\administrator.DRI>repadmin /showreps
Default-First-Site-Name\rwdc
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: c833e342-ab4b-47c7-9a42-ed5fe6a924dd
DSA invocationID: aefc3157-9e0e-4254-add3-cf3addbaba8a

What do I do?
Thanks

gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 07:10:40 AM
When I try this command from a client on subnet 192.168.3.0/24:

C:\Windows\system32>nltest /dsgetdc:my.domain /writable /TRY_NEXT_CLOSEST_SITE
DC: \\rwdc.my.domain Address: \\192.168.0.20
Dom Guid: d9ed3ceb-6068-4caf-9150-d37faf4981d8
Dom Name: my.domain
Forest Name: my.comain Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
DNS_FOREST CLOSE_SITE FULL_SECRET
The command completed successfully

What do I do?

gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 08:37:22 AM
When I go on the RWDC to Active Directory Sites and Services/Default-First-Site-Name/Servers/rodc and click Replicate Now, I receive this error:

quote:

The following error occurred during the attempt to contact the domain controller rodc: The RPC server is unavailable. This condition may be caused by a DNS lookup problem.


Maybe this problem is disabling password prepopulation (credential caching)?

gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 09:07:54 AM
When I run dcdiag /v on the RODC I receive:
quote:
Testing server: Default-First-Site-Name\rodc

Starting test: Advertising
Warning: DsGetDcName returned information for \\rwdcD.my.domain, when
we were trying to reach rodc.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... rodc failed test Advertising

Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers

Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 02/13/2013 23:59:50
Event String:
The File Replication Service is having trouble enabling replication from rwdc.my.domain to rodc for c:\windows\sysvol\domain using the DNS name rwdc.my.domain. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.
[2] FRS is not running on rwdc.my.domain.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 02/14/2013 00:07:50
Event String:
The File Replication Service is having trouble enabling replication from rwdc to rodc for c:\windows\sysvol\domain using the DNS name rwdc.my.domain. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.
[2] FRS is not running on rwdc.my.domain.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... rodc passed test FrsEvent

Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\rodc\netlogon)
[rodc] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... rodc failed test NetLogons

I found that NETLOGON and SYSVOL are not configured on the RODC.

gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 10:13:20 AM
When I run the command ntfrsutl version rodc.my.domain from the RWDC against the RODC:

quote:
C:\Users\administrator.my.domain>ntfrsutl version rodc.my.domain
NtFrsApi Version Information
NtFrsApi Major : 0
NtFrsApi Minor : 0
NtFrsApi Compiled on: Apr 10 2009 20:14:06
ERROR - Cannot bind w/authentication to computer, rodc.my.domain; 000006ba (
1722)
ERROR - Cannot bind w/o authentication to computer, rodc.my.domain; 000006ba
(1722)
ERROR - Cannot RPC to computer, dri-dcro.dri.local; 000006ba (1722)

This command works from the RODC to the RWDC.
I enabled RPC traffic through my firewall.
Also, when I run net share on the RODC I don't see SYSVOL and NETLOGON. Why?

wkasdo
Administrator
Netherlands

Posted - 02/14/2013 : 10:53:49 AM
So FRS is not replicating on a newly promoted RODC? Chances are that the real problem is on the RWDC.

Make it as simple as you can, but not simpler -- Albert Einstein

gogi100
Seasoned But Casual Onlooker

Posted - 02/14/2013 : 2:27:18 PM
For example, when I create a user account on the RWDC, this account shows up in Active Directory Users and Computers on the RODC after one minute. When I made a reverse lookup zone for my subnet 192.168.3.0/24 in the DNS of my RWDC, this reverse lookup zone replicated to the RODC. I don't know where to search for a solution. What do I do on the RWDC?
Please help me.

wkasdo
Administrator
Netherlands

Posted - 02/15/2013 : 02:31:25 AM
Check the FRS log.


gogi100
Seasoned But Casual Onlooker

Posted - 02/17/2013 : 3:25:47 PM
I solved the problem. The problem was with the firewall. When I opened the ports, all was OK. Now I have a problem with the branch clients where my RODC is: my clients do not log on via the RODC but via the RWDC. My branch office is on subnet 192.168.3.0/24, and my main office is on subnet 192.168.0.0/24. I set the primary DNS on the branch clients to the RODC, 192.168.3.34, but logon goes to the RWDC. I checked Active Directory Sites and Services on the RWDC and I have the default site, where both DCs (RODC and RWDC) are. Under Subnets I don't have subnets 192.168.0.0/24 and 192.168.3.0/24. Maybe this is the problem, because of which my branch clients cannot log on via the RODC? Please help me.
Thanks

Edited by - gogi100 on 02/17/2013 3:30:44 PM

wkasdo
Administrator
Netherlands

Posted - 02/17/2013 : 5:08:03 PM
The short version:

- create a new Active Directory site for the branch, and a sitelink between them
- move the RODC to the new site
- assign correct subnets to existing site (default site, rename if you like) and to the new branch site.

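An added example (not wkasdo's or gogi100's own commands) that carries out the three steps above with the ActiveDirectory PowerShell module's replication cmdlets, which need a Windows Server 2012 or later host or RSAT even though the DCs are 2008 R2; the site and site link names are assumptions, while the subnets and DC names are the ones from the thread.

```powershell
# Added example: build the branch site topology that wkasdo describes.
# Run from an elevated PowerShell with the ActiveDirectory module on a
# Windows Server 2012+ / RSAT host (the *-ADReplication* cmdlets are not
# in the Windows Server 2008 R2 module). Site and link names are
# assumptions; subnets and DC names come from the thread.
Import-Module ActiveDirectory

$hqSite     = 'Default-First-Site-Name'   # existing site, keeps the RWDC
$branchSite = 'Branch'                    # assumed name for the new site
$linkName   = 'HQ-Branch'                 # assumed name for the site link

# 1. New site for the branch, and a site link joining it to HQ.
New-ADReplicationSite -Name $branchSite
New-ADReplicationSiteLink -Name $linkName `
    -SitesIncluded $hqSite, $branchSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 -ReplicationFrequencyInMinutes 15

# 2. Move the RODC into the branch site (the RWDC stays in HQ).
Move-ADDirectoryServer -Identity 'rodc' -Site $branchSite

# 3. Map each subnet to its site, so the DC locator can tell a
#    192.168.3.x client that the RODC is its closest DC.
New-ADReplicationSubnet -Name '192.168.0.0/24' -Site $hqSite
New-ADReplicationSubnet -Name '192.168.3.0/24' -Site $branchSite

# Verify: every subnet should now list a site, and each DC its site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Filter * | Select-Object Name, Site, IsReadOnly

# From a branch client, once the change has replicated, the locator
# should report the branch site and return the RODC:
#   nltest /dsgetsite
#   nltest /dsgetdc:my.domain
# On the RWDC, confirm the branch users are in the RODC's Allowed list
# before retrying password prepopulation:
#   repadmin /prp view rodc allow
```

Without the subnet-to-site mapping, a 192.168.3.x client is placed in the default site and the locator treats the RWDC as just as close as the RODC, which is the behaviour gogi100 reports.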

gogi100
Seasoned But Casual Onlooker

Posted - 02/18/2013 : 02:22:41 AM
You think that branch users cannot log on to the RODC for these reasons?

wkasdo
Administrator
Netherlands

Posted - 02/18/2013 : 03:23:00 AM
Yes.

If you have XP clients, you also need to install the RODC client hotfix.


gogi100
Seasoned But Casual Onlooker

Posted - 02/18/2013 : 03:45:39 AM
Yes, I have XP clients with SP3. Where can I find this hotfix?
Thanks

gogi100
Seasoned But Casual Onlooker

Posted - 02/18/2013 : 03:51:35 AM
Do I have to use a GPO for closest DC for Windows 7, Vista and Windows Server 2008, or not?

wkasdo
Administrator
Netherlands

Posted - 02/18/2013 : 04:09:51 AM
This hotfix: http://support.microsoft.com/kb/944043/en-us

No GPO needed if you have sites setup correctly.
