Windows Server 2008 RODC - Issue with Prepopulating Passwords

Posted on 2011-05-05
Last Modified: 2012-05-11

We have recently set up our first Windows Server 2008 RODC.  When I tried to prepopulate a few accounts' passwords to the RODC from a RWDC, I received the following error on each of the items:

"The RPC server is unavailable."

So I checked both servers' services, the RPC server service was running on both.  I went to Sites and Services and tried to replicate, came back after a little bit to try and prepopulate those again, and now I get this error on each item:

"The specified value already exists."

Sounds promising, but when I check the Policy Usage tab for 'Accounts whose passwords are stored on this RODC', all I see is the default krb... user account and the RODC computer account.  Likewise, when i check the Password Replication tab on one of the accounts whose password I was trying to populate, it does not show my RODC listed there.  I have tried a couple of times since then and still receive the 'specified value already exists' message.  Those accounts are all set to "Allow" under the Password Replication tab on the RODC.

Can anybody help me out?  Many thanks in advance.
Question by:hachemp
    LVL 29

    Accepted Solution

    My personal view of RODCs is to wipe them from the face of the earth and forget it.  At one IT event that I was at the speaker referred to the RODCs as,"....turned out to be not such a great idea...."

    But anyway,...the only thing I can think of it that the RODC is not using the RWDC and the DNS in it's TCP/IP Specs, may even be better if it uses nothing but the RWDC as the DNS with nothing else listed there.

    Beyond that I have no idea.
    LVL 29

    Expert Comment

    Sorry for the typos,...this site doesn't give us the means to correct our typos after submitted.

    Author Comment

    Thanks for the advice.  I ended up wiping that box and reinstalling the RODC.  I wanted to deploy the RODC in the DMZ for directory services, but maybe I'll reconsider based on all this trouble.  Awarding you the points since you were the only one who bothered to respond :)
    LVL 29

    Expert Comment

    Thank you sir!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now