We help IT Professionals succeed at work.

Windows Server 2008 cannot log in locally to an RODC

Medium Priority
5,039 Views
Last Modified: 2013-12-04
We recently purchased two Windows Server 2008 systems. I joined them to the domain and promoted both of them to RODCs with DNS and Global Catalog. They ran with no issues for a few days

I cannot log into either of them as SERVERNAME\Administrator. This is a problem because one of them was re-configured with an IP address for the network it's being shipped to. A non-techie is going to plug it in and we need to be able to let him get in so we can finish the setup. But I need to get in and test a few more things before we ship it out.

   So since it has an IP address which is not currently valid, I cannot log in as anyone else either, because the domain is unavailble (remember, an RODC doesn't hold passwords unless you manually cache them in advance.) The delegates for local administrator access I used was my Domain Admins group, which are barred from caching their passwords locally anyway. Nobody else was delegated.

   How can I get in to this machine? And how can I set this up so our guy on site can just plug in and go?
Comment
Watch Question

Boot into DSRM, Safe Mode or Safe Mode with Networking and log in with the DSRM password to correct the issue.

Use repadmin to pre-cache the local technician(s)' password(s) to prevent the issue from recurring, as follows: http://blogs.technet.com/janelewis/archive/2008/05/08/new-switch-for-repadmin-specifically-for-rodc.aspx.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Chris HudsonCloud Security Architect
CERTIFIED EXPERT
Commented:
In all Domain controllers the local SAM is disabled in Normal mode so U cannot use SERVERNAME\Administrator for login.Reboot the machine in DSRM mode and ucan use local admin passwordsince in this mode SAM is active and AD is disabled :)
ChrisHudson - Read-Only Domain Controllers allow local logins while booted normally; it is a new feature in Windows Server 2008.

Author

Commented:
Thanks for the speedy replies!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.