problem with credential caching on rodc

Home Forums Microsoft Networking and Management Services Active Directory problem with credential caching on rodc

This topic contains 4 replies, has 1 voice, and was last updated by Avatar gogi100 6 years, 6 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • Avatar
    gogi100
    Member
    #160916

    i have one site with one domain my.domain. in domain i have rwdc on subnet 192.168.0.0/24 and on subnet 192.168.3.0/24 rodc. i installed successfully rodc i made replication beetwen rwdc and rodc, but i have problem when on rwdc i try rodc/properties/password replication policy/advanced/accounts whose passwords are stored on rodc that caching password/prepopulate password of user which is in allowed user group to access rodc i receive error:

    passwords of none of the accounts could be prepopulated. the following error was encounterated: the specified server can not perform the requested operation.

    i used:
    C:Usersadministrator.DRI>repadmin /showreps
    Default-First-Site-Namerwdc
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: c833e342-ab4b-47c7-9a42-ed5fe6a924dd
    DSA invocationID: aefc3157-9e0e-4254-add3-cf3addbaba8a

    what i do?
    thanks

    Avatar
    gogi100
    Member
    #334979

    Re: problem with credential caching on rodc

    when i try from client on subnet 192.168.3.0/24 command

    C:Windowssystem32>nltest /dsgetdc:my.domain /writable /TRY_NEXT_CLOSEST_SITE
    DC: [URL=”file://\rwdc.my.domain”]\rwdc.my.domain[/URL] Address: [URL=”file://\192.168.0.20″]\192.168.0.20[/URL]
    Dom Guid: d9ed3ceb-6068-4caf-9150-d37faf4981d8
    Dom Name: my.domain
    Forest Name: my.comain Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET
    The command completed successfully

    what i do?

    Avatar
    gogi100
    Member
    #334980

    Re: problem with credential caching on rodc

    when i go in rwdc active directory sites and services/default-first-site-name/servers/rodc and i click replication now i receive error

    Quote:
    the following error occured during the attempt to contact the domain controller rodc: the rpc server is unavailable. this condition may be caused by a dns lookup problem

    maybe this problem disable prepopulation password (caching credentials)?

    Avatar
    gogi100
    Member
    #334981

    Re: problem with credential caching on rodc

    when i start dcdiag /v on rodc i receive:

    Quote:
    Testing server: Default-First-Site-Namerodc

    Starting test: Advertising

    Warning: DsGetDcName returned information for \rwdcD.my.domain, when

    we were trying to reach rodc.

    SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

    ……………………. rodc failed test Advertising

    Test omitted by user request: CheckSecurityError

    Test omitted by user request: CutoffServers

    Starting test: FrsEvent

    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the

    SYSVOL has been shared. Failing SYSVOL replication problems may cause

    Group Policy problems.
    An Warning Event occurred. EventID: 0x800034C4

    Time Generated: 02/13/2013 23:59:50

    Event String:

    The File Replication Service is having trouble enabling replication from rwdc.my.domain to rodc for c:windowssysvoldomain using the DNS name rwdc.my.domain. FRS will keep retrying.

    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

    [2] FRS is not running on rwdc.my.domain.

    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    An Warning Event occurred. EventID: 0x800034C4

    Time Generated: 02/14/2013 00:07:50

    Event String:

    The File Replication Service is having trouble enabling replication from rwdc to rodc for c:windowssysvoldomain using the DNS name rwdc.my.domain. FRS will keep retrying.

    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

    [2] FRS is not running on rwdc.my.domain.

    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    ……………………. rodc passed test FrsEvent
    Starting test: NetLogons

    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\rodcnetlogon)

    [rodc] An net use or LsaPolicy operation failed with error 67,

    The network name cannot be found..

    ……………………. rodc failed test NetLogons

    i found that netlogon and sysvol is not configured on rodc

    Avatar
    gogi100
    Member
    #334982

    Re: problem with credential caching on rodc

    when i use command from rwdc to rodc ntfrsutl version rodc.my.domain

    Quote:
    C:Usersadministrator.my.domain>ntfrsutl version rodc.my.domain
    NtFrsApi Version Information
    NtFrsApi Major : 0
    NtFrsApi Minor : 0
    NtFrsApi Compiled on: Apr 10 2009 20:14:06
    ERROR – Cannot bind w/authentication to computer, rodc.my.domain; 000006ba (
    1722)
    ERROR – Cannot bind w/o authentication to computer, rodc.my.domain; 000006ba
    (1722)
    ERROR – Cannot RPC to computer, dri-dcro.dri.local; 000006ba (1722)

    this command works from rodc to rwdc.
    i enabled rpc traffic through my firewall.
    also when i start command on rodc net share i don’t see sysvol and netlogon. why?

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Register for this Petri Webinar!

Want to Make Your Backup Storage Unlimited & Ready for the Cloud? – Free Thurrott Premium Account with Webinar Registration!

Tuesday, August 27, 2019 @ 1:00 pm EDT

A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

Register Now

Sponsored By