• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4735
  • Last Modified:

Windows Server 2008 cannot log in locally to an RODC

We recently purchased two Windows Server 2008 systems. I joined them to the domain and promoted both of them to RODCs with DNS and Global Catalog. They ran with no issues for a few days

I cannot log into either of them as SERVERNAME\Administrator. This is a problem because one of them was re-configured with an IP address for the network it's being shipped to. A non-techie is going to plug it in and we need to be able to let him get in so we can finish the setup. But I need to get in and test a few more things before we ship it out.

   So since it has an IP address which is not currently valid, I cannot log in as anyone else either, because the domain is unavailble (remember, an RODC doesn't hold passwords unless you manually cache them in advance.) The delegates for local administrator access I used was my Domain Admins group, which are barred from caching their passwords locally anyway. Nobody else was delegated.

   How can I get in to this machine? And how can I set this up so our guy on site can just plug in and go?
0
og_sh0x
Asked:
og_sh0x
  • 2
2 Solutions
 
LauraEHunterMVPCommented:
Boot into DSRM, Safe Mode or Safe Mode with Networking and log in with the DSRM password to correct the issue.

Use repadmin to pre-cache the local technician(s)' password(s) to prevent the issue from recurring, as follows: http://blogs.technet.com/janelewis/archive/2008/05/08/new-switch-for-repadmin-specifically-for-rodc.aspx.
0
 
chrishudson123Commented:
In all Domain controllers the local SAM is disabled in Normal mode so U cannot use SERVERNAME\Administrator for login.Reboot the machine in DSRM mode and ucan use local admin passwordsince in this mode SAM is active and AD is disabled :)
0
 
LauraEHunterMVPCommented:
ChrisHudson - Read-Only Domain Controllers allow local logins while booted normally; it is a new feature in Windows Server 2008.
0
 
og_sh0xAuthor Commented:
Thanks for the speedy replies!
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now