RODC Failure...

-

hi,

so going absolutely crazy try configure rodc authenticate clients after credential caching has been done authentication done on rodc.

this doing, can 1 please tell me i'm doing wrong.

1.so configure clients ip dc dhcp , join clients dc. (tested , working)

2.then configure rodc on dc password retention policy , set rodc server new server vm. (tested , working)

3.then change rodc primary dns ip (127.0.0.1) , alternate dns dc ip.

4.then point clients use rodc primary dns ip , dc alternate dns ip

5.then turn off dc , test clients authenticate rodc, clients login network unknown , not domain network. @ point have checked clients ip other dhcp has given them because of changing primary dns of clients rodc ip.

as can see below w10, w8 , w7 computers , madmin, m1 , m2 clients allowed in password retention policy yet authentication happens @ dc, missing step.

could 1 kindly please let me know doing wrong.

thank much




hi tryllzhuud,

>>but network unknown , not domain network

for issue, suppose try following methods see if helps:

1>using ipconfig /flushdns to flush dns caches

2>open cmd console, run ipconfig /renew to re-obtain ip address 1 of problem machines check if works.

3>restart 1 of these problem machines check network settings see if in domain networks.

>> i have checked clients ip other dhcp has given them i

what ip address did these machine use currently? post ipconfig /all here further helps.

besides, consider using network capture tool analysis this:

for downloading, please navigate link below:

http://www.microsoft.com/en-sg/download/details.aspx?id=4865

in addition, there blog rodc authentication, further understanding authentication :

https://blogs.technet.microsoft.com/askds/2008/01/18/understanding-read-only-domain-controller-authentication/

if resolve using own solution, please share experience , solution here. beneficial other community members have similar questions.

if no, please reply , tell current situation in order provide further help.

best regards,

andy_pan

please remember mark replies answers if , unmark them if provide no help.
if have feedback technet subscriber support, contact tnmff@microsoft.com.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more

Invalid pointer on gpresult /h gpreport.html

-
hello guys i getting following error when trying generate gpresult /h  xxx.html invalid pointer this happening on windows 7 pc using test group policy. tried pc same thing when same gpo applied . hi, try apply some other gpo clients, html report generated succefully? if no, may caused unregistered .dll files, try register .dll files previous thread suggested: http://social.technet.microsoft.com/forums/en-us/winservergp/thread/0ea20c5d-c0ae-457d-89d4-a1686a359e72 if yes, please tell detailed information problematic gpo settings reproduce problem , troubleshooting it. regards, cicely Windows Server  >  Group Policy
Read more