RODC loses link to main domain

  • Question

  • I have a strange situation. There is a lot of technical info below, if needed. To avoid boring you, I will introduce the problem first (in a couple of words).

    So, after every reboot or shutdown of the RODC system, the RODC cannot authenticate any user. It reports that "there are no servers that can perform your authentication request available" or something like that. Even users from the "Allowed RODC Password Replication Group" cannot access the system. Local users or groups are absent (RODC). How to fix it? I switch the patch cord from one network adapter to the other, wait a couple of seconds, and then switch the cord back to the first adapter. Voila! HOW DOES THIS WORK? What happens when the adapters are changed?

    Now, the configuration parameters. We have a Win2008 R2 domain in one subnet (two domain controllers).

    We have several identical Win2008 R2 RODCs in branch offices with a DNS server and a WSUS replica server installed. Same domain, other subnets (one subnet per branch), other sites (one site per branch).

    On every RODC we have two network adapters, set to different subnets: one is for the branch network (for work) -- adapter 1, the other is for the HQ network (for install, setup etc.) -- adapter 2. In every network connection a static IP address, net mask, default gateway and DNS servers are set. Everything is different: every subnet has its own settings. At any moment only one adapter is connected, depending on where the server is: in the branch office (working properly) or in the HQ office (maintenance).

    When the server stands in the branch subnet (and site), adapter 1 is connected. After a shutdown or reboot the server is up, responds to ping, is available via RDP, and has reported its address to DNS (at HQ) and WSUS. But it cannot authenticate any users, neither locally nor through RDP. Accordingly, it seems to me that the problem is with some domain services. When I switch the cord from the branch subnet adapter to the HQ subnet adapter, everything stops working (of course!). When I switch the cord back into the branch subnet adapter, everything starts working properly, including domain authentication! The same happens when the server stands in the HQ subnet (adapter 2 connected). After every reboot or shutdown the server stops authenticating users until the cord is switched from adapter 2 to 1 and then back again.

    I CANNOT UNDERSTAND WHY IT STOPS WORKING AND HOW IT GETS FIXED. I took "route print" and "ipconfig -all" at the moment when authentication works and when it does not -- the parameters are identical. I turned Windows Firewall off for all network types -- no change. People, please, help me understand what's going on. We have many such RODCs, and after every reboot I have to contact the admin in the branch office to ask him to switch the patch cord. This is insane!


    Monday, August 22, 2011 7:32 AM

Answers

  • Two default gateways on a DC is absolute evil! :) I removed the one from the disconnected HQ NIC and everything became OK.

    More info is in the neighboring forum:

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9d69e10f-d200-4cee-aa13-b22e7cf83177

    Tuesday, August 23, 2011 7:08 AM
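As an added illustration of the fix described in this answer (this is not code from the thread or from Microsoft; the adapter names "Branch" and "HQ", the -Apply switch, and the assumption that a media-disconnected NIC's static configuration is still visible through WMI are my own), here is a PowerShell script that lists every NIC on the box carrying a default gateway and, for any NIC that is currently disconnected, clears just the gateway with netsh so the static address and mask stay in place for the next maintenance visit. It uses WMI rather than the NetTCPIP cmdlets because those do not exist on Windows Server 2008 R2.

```powershell
# Added example, not from the thread: audit a Windows Server 2008 R2 DC/RODC
# for the condition named in the accepted answer (a default gateway configured
# on more than one NIC) and optionally clear the gateway on any NIC that is
# currently media-disconnected, e.g. the HQ adapter while the box sits in a
# branch. Run elevated. Without -Apply it only reports and prints the command.
param([switch]$Apply)

$configs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

$nicsWithGateway = @()
foreach ($cfg in $configs) {
    $gateways = @($cfg.DefaultIPGateway)          # empty when no gateway is set
    if ($gateways.Count -eq 0) { continue }

    $adapter = Get-WmiObject -Class Win32_NetworkAdapter -Filter "Index = $($cfg.Index)"
    # First IPv4 address and its mask (IPAddress and IPSubnet are parallel arrays)
    $ip4  = @($cfg.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })[0]
    $mask = $cfg.IPSubnet[[array]::IndexOf($cfg.IPAddress, $ip4)]

    $nicsWithGateway += New-Object PSObject -Property @{
        Name      = $adapter.NetConnectionID              # e.g. "Branch" / "HQ" (assumed names)
        Connected = ($adapter.NetConnectionStatus -eq 2)  # 2 = media connected
        IPv4      = $ip4
        Mask      = $mask
        Gateway   = ($gateways -join ', ')
    }
}

$nicsWithGateway | Format-Table Name, Connected, IPv4, Mask, Gateway -AutoSize

if ($nicsWithGateway.Count -le 1) {
    Write-Host "OK: at most one NIC carries a default gateway."
    return
}

Write-Warning "$($nicsWithGateway.Count) NICs carry a default gateway; a DC should have exactly one."

foreach ($nic in $nicsWithGateway | Where-Object { -not $_.Connected }) {
    # Keep the static address and mask so the server still works when it is
    # carried back to that network; only the gateway is removed (gateway=none).
    $netshArgs = @('interface', 'ipv4', 'set', 'address',
                   "name=$($nic.Name)", 'source=static',
                   "address=$($nic.IPv4)", "mask=$($nic.Mask)", 'gateway=none')
    if ($Apply) {
        Write-Host "Clearing default gateway on disconnected NIC '$($nic.Name)'"
        & netsh @netshArgs
    } else {
        Write-Host "Would run: netsh $($netshArgs -join ' ')"
    }
}
```

Run it once without -Apply to confirm it picks the NIC you expect (the one showing Connected = False), then with -Apply. When the server later goes back to HQ, re-add the gateway to that adapter with the same netsh command and `gateway=<HQ gateway>` after removing it from the branch adapter, so that at any time exactly one NIC owns the default route.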

All replies

  • Hi Andrew, I have a Windows 7 workstation; every time the system is restarted or shut down it loses its internet connection.

    The temporary solution I am using is to disable and re-enable the network adapter, and the internet connection is back.

    I have informed the user not to shut down the machine (which is not a good idea).

    But your situation is kind of different: you have to switch the cord back and forth.

    I also don't have a fixed solution to my problem. The last thing that I noticed is that this weird situation started to happen when I removed the USB wireless adapter, but I only realized it while I was fixing the USB wireless adapter on another machine. The Win 7 workstation is in a remote location, and I don't have time to go there and plug the USB adapter back in to see whether it will work normally or not.

    But what was the last thing you did to your machine that caused the problem?



    Every second counts..make use of it.
    Monday, August 22, 2011 9:39 AM
  • There is nothing I did last. I install and set up the servers at HQ, connected to LAN2. During this process I reboot and shut down the server several times -- everything works perfectly. When the installation is finished, I shut the server down, disconnect the cord from the adapter, pack the server in a box and send it to the branch office. I delete the DNS record of this RODC that refers to its HQ IP address. Then the server is received at its destination, unpacked and connected via the branch adapter. That's it. The server is up without authentication availability. Swap the patch cord and all is up! After that, even if the server is back in the HQ site/subnet (with the DNS record corrected), it doesn't start properly without the magic dance with the patch cord.

    Monday, August 22, 2011 10:34 AM