Announcement

Collapse
No announcement yet.

problem with credential caching on rodc

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • problem with credential caching on rodc

    i have one site with one domain my.domain. in domain i have rwdc on subnet 192.168.0.0/24 and on subnet 192.168.3.0/24 rodc. i installed successfully rodc i made replication beetwen rwdc and rodc, but i have problem when on rwdc i try rodc/properties/password replication policy/advanced/accounts whose passwords are stored on rodc that caching password/prepopulate password of user which is in allowed user group to access rodc i receive error:

    passwords of none of the accounts could be prepopulated. the following error was encounterated: the specified server can not perform the requested operation.

    i used:
    C:\Users\administrator.DRI>repadmin /showreps
    Default-First-Site-Name\rwdc
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: c833e342-ab4b-47c7-9a42-ed5fe6a924dd
    DSA invocationID: aefc3157-9e0e-4254-add3-cf3addbaba8a

    what i do?
    thanks

  • #2
    Re: problem with credential caching on rodc

    when i try from client on subnet 192.168.3.0/24 command

    C:\Windows\system32>nltest /dsgetdc:my.domain /writable /TRY_NEXT_CLOSEST_SITE
    DC: \\rwdc.my.domain Address: \\192.168.0.20
    Dom Guid: d9ed3ceb-6068-4caf-9150-d37faf4981d8
    Dom Name: my.domain
    Forest Name: my.comain Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET
    The command completed successfully

    what i do?

    Comment


    • #3
      Re: problem with credential caching on rodc

      when i go in rwdc active directory sites and services/default-first-site-name/servers/rodc and i click replication now i receive error
      the following error occured during the attempt to contact the domain controller rodc: the rpc server is unavailable. this condition may be caused by a dns lookup problem
      maybe this problem disable prepopulation password (caching credentials)?

      Comment


      • #4
        Re: problem with credential caching on rodc

        when i start dcdiag /v on rodc i receive:
        Testing server: Default-First-Site-Name\rodc

        Starting test: Advertising

        Warning: DsGetDcName returned information for \\rwdcD.my.domain, when

        we were trying to reach rodc.

        SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

        ......................... rodc failed test Advertising

        Test omitted by user request: CheckSecurityError

        Test omitted by user request: CutoffServers

        Starting test: FrsEvent

        * The File Replication Service Event log test
        There are warning or error events within the last 24 hours after the

        SYSVOL has been shared. Failing SYSVOL replication problems may cause

        Group Policy problems.
        An Warning Event occurred. EventID: 0x800034C4

        Time Generated: 02/13/2013 23:59:50

        Event String:

        The File Replication Service is having trouble enabling replication from rwdc.my.domain to rodc for c:\windows\sysvol\domain using the DNS name rwdc.my.domain. FRS will keep retrying.

        Following are some of the reasons you would see this warning.



        [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

        [2] FRS is not running on rwdc.my.domain.

        [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.



        This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

        An Warning Event occurred. EventID: 0x800034C4

        Time Generated: 02/14/2013 00:07:50

        Event String:

        The File Replication Service is having trouble enabling replication from rwdc to rodc for c:\windows\sysvol\domain using the DNS name rwdc.my.domain. FRS will keep retrying.

        Following are some of the reasons you would see this warning.



        [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

        [2] FRS is not running on rwdc.my.domain.

        [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.



        This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

        ......................... rodc passed test FrsEvent
        Starting test: NetLogons

        * Network Logons Privileges Check
        Unable to connect to the NETLOGON share! (\\rodc\netlogon)

        [rodc] An net use or LsaPolicy operation failed with error 67,

        The network name cannot be found..

        ......................... rodc failed test NetLogons
        i found that netlogon and sysvol is not configured on rodc

        Comment


        • #5
          Re: problem with credential caching on rodc

          when i use command from rwdc to rodc ntfrsutl version rodc.my.domain

          C:\Users\administrator.my.domain>ntfrsutl version rodc.my.domain
          NtFrsApi Version Information
          NtFrsApi Major : 0
          NtFrsApi Minor : 0
          NtFrsApi Compiled on: Apr 10 2009 20:14:06
          ERROR - Cannot bind w/authentication to computer, rodc.my.domain; 000006ba (
          1722)
          ERROR - Cannot bind w/o authentication to computer, rodc.my.domain; 000006ba
          (1722)
          ERROR - Cannot RPC to computer, dri-dcro.dri.local; 000006ba (1722)
          this command works from rodc to rwdc.
          i enabled rpc traffic through my firewall.
          also when i start command on rodc net share i don't see sysvol and netlogon. why?

          Comment

          Working...
          X