Account passwords in RODC are not cached

    Question

  • Hi,

    I have one Windows Server 2016 writable DC and one Windows Server 2016 read-only DC. I have created a user on the writable DC and added it to the allowed RODC replication group on the RODC. When I log in from a Windows 10 client, its password is not cached and I do not see it in the list.

    Please see the following screenshots. What am I missing? Does it take time to become visible?


    Thursday, March 30, 2017 9:03 PM

Answers

  • It worked by placing RODC and WRDC in separate AD sites :)

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/b857a779-8ea1-4e7b-ba3c-c594ab74389f/user-account-passwords-in-rodc-are-not-cached-despite-adding-them-in-allowed-password-replication?forum=winserverDS&prof=required

    • Marked as answer by Karim Buzdar Monday, April 10, 2017 9:09 PM
    Monday, April 10, 2017 9:09 PM

All replies

  • Hi. Can I check the client machine you're logging onto is in the same AD site as the RODC?
    Saturday, April 1, 2017 4:04 PM
  • Hi Stu,

    Thank you for your reply. Yes, they are in same site.

    / Karim

    Saturday, April 1, 2017 7:25 PM
  • Could you try adding the computer account as well to the cached list? Also, the caching happens when the authentication is actually occurring to the read only domain controller.

    'nltest /dsgetdc:<domain>', can you see if you are getting redirected to the read only domain controller?

    Also note that the first time authentication caching does not happen and the caching happens during the second try.

    Sunday, April 2, 2017 6:38 PM
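
The checks suggested in this reply, together with the site question raised earlier in the thread, as an added PowerShell example that is not part of any poster's message. It uses the ActiveDirectory module to report, for a user and its computer account, the resultant password replication policy, whether the RODC has authenticated the account, and whether the password is cached; the function name Test-RodcCaching and the names RODC01, testuser and WIN10-CLIENT$ are hypothetical placeholders.

```powershell
# Added example. All names below are constructed placeholders.
Import-Module ActiveDirectory

function Test-RodcCaching {
    param(
        [Parameter(Mandatory)] [string]   $Rodc,
        [Parameter(Mandatory)] [string[]] $Account
    )
    $dc = Get-ADDomainController -Identity $Rodc
    if (-not $dc.IsReadOnly) { throw "$Rodc is not a read-only domain controller." }

    # Writable DCs that share the RODC's site (the accepted answer separated them).
    $sameSite = Get-ADDomainController -Filter * |
        Where-Object { -not $_.IsReadOnly -and $_.Site -eq $dc.Site }

    # Accounts this RODC has authenticated, and accounts whose passwords it stores.
    $authenticated = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -AuthenticatedAccounts)
    $revealed      = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts)

    foreach ($name in $Account) {
        $obj = Get-ADObject -Filter "sAMAccountName -eq '$name'"
        if (-not $obj) { Write-Warning "Account '$name' not found."; continue }
        $dn = $obj.DistinguishedName
        [pscustomobject]@{
            Account              = $name
            # Allow, DenyExplicit, DenyImplicit or Unknown for this account on this RODC
            ResultantPolicy      = Get-ADAccountResultantPasswordReplicationPolicy -Identity $dn -DomainController $Rodc
            AuthenticatedViaRodc = $authenticated.DistinguishedName -contains $dn
            PasswordCached       = $revealed.DistinguishedName -contains $dn
            RodcSite             = $dc.Site
            WritableDCsInSite    = $sameSite.Name -join ', '
        }
    }
}

# Constructed sample names: replace with your RODC, the user, and the client computer account.
Test-RodcCaching -Rodc 'RODC01' -Account 'testuser', 'WIN10-CLIENT$' | Format-List
```

An account that shows Allow but has AuthenticatedViaRodc set to False has not been logging on through the RODC at all, which is the situation the nltest check above is meant to reveal.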
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 3, 2017 1:33 AM
    Moderator
  • Hi Alvin,

    My issue is not resolved yet.

    / Karim

    Monday, April 3, 2017 5:02 AM
  • Hi Karim,

    I notice that you have posted a new thread in our forum. Hope you could get a solution there.

    Best Regards,

    Alvin Wang



    Thursday, April 6, 2017 3:40 AM
    Moderator
  • I have exactly the same problem.

    The user's password is not cached on the RODC after multiple logons, yet he is allowed to.

    Confirmed in the "resultant policy" Tab...

    I suspect Windows 2016.

    Sunday, April 9, 2017 2:25 AM
  • Did you try setting up RODC the same way on Windows Server 2012? Does it work on 2012?

    Sunday, April 9, 2017 9:41 AM
  • I don't know the result with 2012. I did not try.

    In my configuration, I have a writable DC 2016 and an RODC 2016 in a remote site through a WAN link.

    Monday, April 10, 2017 1:05 PM
  • I am testing in my virtual environment. Please let me know here if you find out the solution.
    Monday, April 10, 2017 2:04 PM
  • Hi, I have the WRDC and the RODC separated in different sites and it still doesn't work. I tried the option in a button that says Fill passwords previously in the Windows 2012 server (WRDC) and I searched for the computer and user account in the domain, and at the end the server displays an error message that it couldn't fill the password of any of the accounts. The server cannot execute the requested operation.

    Is there any missing operation that I am not doing? Both servers are in Windows 2012 Server.

    Monday, June 12, 2017 3:20 PM