DNS errors on Read Only Domain Controller

Hello,

I have a problem with the two RODCs I have in our domain. I get the error below recorded every 3 minutes for DNS.

EventID 4015 DNS-Server-Service
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "00002095: SvcErr: DSID-03210A69, problem 5012 (DIR_ERROR), data 16". The event data contains the error.

I have done some research and it all points to the issue mentioned in the KB below. It basically says (as I understand it) to make sure that the RODC has access to a writable DC with DNS and also that the writable DC has an NS record.

http://support.microsoft.com/kb/969488

I run this command and it comes back with the correct DC which is writable and has DNS installed:
nltest /dsgetdc:DOMAIN.COM /WRITABLE /AVOIDSELF /TRY_NEXT_CLOSEST_SITE /DS_6

Then I run this command and it refers to the same DC and says all replication is successful:
repadmin /showrepl

The servers are both in remote sites that are connected through Cisco ASAs on a site-to-site VPN. But I can access the DNS server on port 53.

So all in all I'm lost. Any help would be appreciated. I don't seem to have a loss of functionality, just thousands of red crosses that are frustrating! Only option I can think of is to demote and promote them again as normal DCs.

Thanks
Gavin
Asked by: piemckay
1 Solution
 
pwindell commented:
Just make sure that in the TCP/IP Specs of the RODCs that they use the RWDC as their "DNS Server".  Do not have anything else listed there.
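The thread lists three things to verify on the RODC: that it can reach a writable DC that runs DNS (the nltest and port 53 checks in the question), that the zone carries an NS record for that writable DC (KB 969488), and that the RODC's own NIC lists only writable DCs as DNS servers (the advice above). The following PowerShell script is an added example that walks through those checks; it is not code from the thread or from Microsoft. It assumes it is run elevated on the RODC on Windows Server 2012 or later with the ActiveDirectory and DnsClient modules available, and that the zone name equals the domain's DNS root (DOMAIN.COM in the question).

```powershell
<#
  Added example (not from the thread): RODC-side checks for the conditions behind
  DNS Event 4015 as described in KB 969488 and the answer above.
  Assumptions: elevated session on the RODC, Windows Server 2012+, ActiveDirectory
  and DnsClient modules present, zone name = domain DNS root.
#>
param(
    [string]$Domain = (Get-ADDomain).DNSRoot   # e.g. DOMAIN.COM in the question
)

Import-Module ActiveDirectory -ErrorAction Stop
$findings = New-Object System.Collections.Generic.List[string]

# 1. The locator test from the question: which writable DC does the RODC get handed?
Write-Host "nltest /dsgetdc:$Domain /WRITABLE /AVOIDSELF /TRY_NEXT_CLOSEST_SITE /DS_6"
nltest /dsgetdc:$Domain /WRITABLE /AVOIDSELF /TRY_NEXT_CLOSEST_SITE /DS_6

# 2. Every writable DC in the domain; NIC settings are compared against these addresses.
$writable      = Get-ADDomainController -Filter 'IsReadOnly -eq $false' -Server $Domain
$writableIps   = @($writable | ForEach-Object { $_.IPv4Address })
$writableNames = @($writable | ForEach-Object { $_.HostName.ToLower() })

# 3. Is DNS on each writable DC reachable over TCP 53 across the site-to-site VPN?
foreach ($dc in $writable) {
    $tcp = Test-NetConnection -ComputerName $dc.HostName -Port 53 -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        $findings.Add("TCP/53 to writable DC $($dc.HostName) failed")
    }
}

# 4. NS records of the zone: the KB's second condition is that the writable DC is listed.
try {
    $ns = Resolve-DnsName -Name $Domain -Type NS -DnsOnly -ErrorAction Stop |
          Where-Object { $_.Type -eq 'NS' } |
          ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() }
    foreach ($name in $writableNames) {
        if ($ns -notcontains $name) {
            $findings.Add("No NS record for writable DC $name in zone $Domain")
        }
    }
} catch {
    $findings.Add("NS lookup for $Domain failed: $($_.Exception.Message)")
}

# 5. The RODC's own DNS client settings: only writable DCs should be listed, never itself.
$selfIps = @(Get-NetIPAddress -AddressFamily IPv4 | ForEach-Object { $_.IPAddress })
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            if ($selfIps -contains $ip -or $ip -eq '127.0.0.1') {
                $findings.Add("$($_.InterfaceAlias) points DNS at the RODC itself ($ip)")
            } elseif ($writableIps -notcontains $ip) {
                $findings.Add("$($_.InterfaceAlias) lists $ip, which is not a writable DC")
            }
        }
    }

if ($findings.Count -eq 0) { "All KB 969488 checks passed" } else { $findings }
```

Each finding maps to one of the conditions in the thread, so an empty list means the locator, the transport path, the NS records and the client settings all look right and the 4015 events need to be chased elsewhere (for example with the DNS server debug log on the RODC).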
 
pwindell commented:
Personally I like the idea of demoting them and bringing them back as regular DCs. I think the whole concept of the RODC has been a "flop". But that's just me...
 
piemckay (Author) commented:
They have a primary and a secondary DNS server defined. However both of those DNS servers are RWDCs so I presume that's ok. I think I will go for the demote/promote option...
 
pwindell commented:
As long as the people who have physical access to the box (but aren't supposed to mess with the thing) don't have credentials that can log on locally to the DC I think a RWDC is fine.  
 
piemckay (Author) commented:
I agree, I'll get to it. Thanks for your input.
 
piemckay (Author) commented:
Didn't directly fix the problem on the RODC, but overall it is a better solution.
Question has a verified solution.