Cannot Login to Read Only Domain Controller


One of the read-only domain controller servers shut down unexpectedly due to a power outage, and I cannot log in anymore. When the server powered on again, an error came up regarding one of the hard drives failing (RAID 1).

I get the message "Access denied" when I try to log in with one of the domain admin accounts. As it is an RODC, there are no local accounts for me to use. The RODC is running on Windows Server 2008 R2. The server is running as the DHCP/print/file server for the office, so these are not working as well.

I checked the PDC, and the following error is coming up in Event Viewer:

Log Name: System

Source: Security-Kerberos

Event ID: 4

Level: Error

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rodc01$. The target name used was domain/rodc01.domain.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.local) is different from the client domain (domain.local), check if there are identically named server accounts in these 2 domains, or use the fully-qualified name to identify the server.

I have tried to reset the computer password with netdom and got the following error:

netdom resetpwd /server:rodc01 /userd:administrator /passwordd:*

The machine account password for the local machine could not be reset.

Logon Failure: The target account name is incorrect.

The command failed to complete successfully.

If I try to reset the password using the IP address instead, I get the following error:

netdom resetpwd /server:192.168.10.1 /userd:administrator /passwordd:*

The machine account password for the local machine could not be reset.

Access is denied.

The command failed to complete successfully.

I checked AD and DNS, and the RODC object is present.

If I run repadmin /replsum on the PDC, I get this message for the faulty RODC server:

Experienced the following operational errors trying to retrieve replication information:

        8341 – rodc01.domain.local

Any advice is appreciated.

Thanks

Log on to the server in Directory Services Restore Mode (DSRM) using the password supplied during dcpromo and verify that the Active Directory database isn't corrupted on the RODC - see indications of this in the Directory Services log.

Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
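
The check suggested in the reply above, sketched as an added example that is not part of the original thread: it reads the Directory Service and System logs for errors, then runs the read-only ntdsutil integrity and semantic checks. It assumes the RODC is booted into DSRM, that PowerShell is available there, and a 7-day look-back window (an arbitrary choice).

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell
# prompt on the RODC while booted into DSRM (AD DS is stopped in that mode).
# Assumption: the 7-day look-back window is arbitrary; widen it if needed.
$since = (Get-Date).AddDays(-7)

# 1. Errors and critical events written by AD DS around the power loss.
Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Level = 1, 2; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, ProviderName, Message

# 2. Disk and file-system errors from the System log, since one RAID 1 member
#    was reported as failing. Provider names are matched loosely on purpose.
Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Level = 1, 2; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'disk|ntfs' } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, ProviderName, Message

# 3. Page-level (ESE) integrity check of the AD database. Read-only.
& ntdsutil.exe 'activate instance ntds' 'files' 'integrity' 'quit' 'quit'

# 4. Logical consistency check. 'go' only reports; 'go fixup' would attempt
#    repairs and is deliberately not used here.
& ntdsutil.exe 'activate instance ntds' 'semantic database analysis' 'verbose on' 'go' 'quit' 'quit'
```

If step 2 shows disk or NTFS errors, deal with the failing RAID member before trusting the result of steps 3 and 4.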


