Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 748
  • Last Modified:

RODC errors

I am getting the following error upon running dcdiag:
 Starting test: NCSecDesc
    Error Enterprise Read Only Domain Controllers doesn't have
       Replicating Directory Changes
    access rights for the naming context:
I have run adprep /rodcprep with success.
Is there another reason why this error may continue?
0
habs1994
Asked:
habs1994
  • 9
  • 8
1 Solution
 
Darius GhassemCommented:
Are you running adprep32 /rodcprep?
0
 
habs1994Author Commented:
I ran adprep32 as the server I ran it from was 32 bit.  I also ran adprep from one of my 2008R2 domain controllers and in that case it states that that all partitions are ready for RODC.
0
 
Darius GhassemCommented:
Run dcdiag post results
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
habs1994Author Commented:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HT-GBG
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: GBG\HT-GBG
      Starting test: Connectivity
         ......................... HT-GBG passed test Connectivity

Doing primary tests

   Testing server: GBG\HT-GBG
      Starting test: Advertising
         ......................... HT-GBG passed test Advertising
      Starting test: FrsEvent
         ......................... HT-GBG passed test FrsEvent
      Starting test: DFSREvent
         ......................... HT-GBG passed test DFSREvent
      Starting test: SysVolCheck
         ......................... HT-GBG passed test SysVolCheck
      Starting test: KccEvent
         ......................... HT-GBG passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... HT-GBG passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... HT-GBG passed test MachineAccount
      Starting test: NCSecDesc
         Error Enterprise Read Only Domain Controllers doesn't have
            Replicating Directory Changes
         access rights for the naming context:
         xxxxxxxxxxxxxx
         ......................... HT-GBG failed test NCSecDesc
      Starting test: NetLogons
         ......................... HT-GBG passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... HT-GBG passed test ObjectsReplicated
      Starting test: Replications
         ......................... HT-GBG passed test Replications
      Starting test: RidManager
         ......................... HT-GBG passed test RidManager
      Starting test: Services
         ......................... HT-GBG passed test Services
     
      Starting test: VerifyReferences
         ......................... HT-GBG passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
0
 
Darius GhassemCommented:
Make sure you are using elevated permissions on command prompt when running the adprep /rodcprep
0
 
habs1994Author Commented:
I have run that as administrator.  Is there more I can do?
0
 
Darius GhassemCommented:
You can right-click the command prompt then select Run as
0
 
habs1994Author Commented:
That is what I have done.  More info:  running dcdiag on my 2003R2 dcs does not return the same error although I would assume that the dcdiag run there does not include that test.
0
 
Darius GhassemCommented:
No does not include the same test.

What is your DC versions? How many do you have?
0
 
habs1994Author Commented:
I have 4 dcs running Windows Server 2003 R2 standard and 2 running 2008R2 Enterprise.  The 2 newer ones running 2008 R2 Ent. are in remote sites and have one NTDS connection back to the main site which contains 2 2003 R2 servers.  The NTDS connection is to only one of the dcs in the main site.
0
 
Darius GhassemCommented:
Alright on  the main DC at HQ you are running adprep32 /rodcprep. Does any information come back?
0
 
habs1994Author Commented:
Yes, that adprep has detected the operation has been been performed on the partitions:
DC=ForestDnsZones,DC=xx,DC=com
DC=DomainDnsZones,DC=xx,DC=com
DC=xx,DC=Com
and is skipping.  Then it reports completed without errors and that all partitions are updated.  Am I looking at a purely cosmetic error?
0
 
Darius GhassemCommented:
Yes, not really going to cause you an issue unless you want to use RODC servers
0
 
habs1994Author Commented:
My problem is that we may want to use some RODCs in the remote sites.  Not sure if we will yet but it is a possibility and seems risky with this error still showing up.  I do appreciate your input.
0
 
Darius GhassemCommented:
Will not allow you to use if this error is still present.

When you run this are you running as Enterprise Admin?
Run the below post

DCDIAG /TEST:NCSecDes
DCDIAG /TEST:NCSecDesc
0
 
habs1994Author Commented:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HT-SHILLS
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SHills\HT-SHILLS
      Starting test: Connectivity
         ......................... HT-SHILLS passed test Connectivity

Doing primary tests

   Testing server: SHills\HT-SHILLS
      Starting test: NCSecDesc
         Error Enterprise Read Only Domain Controllers doesn't have
            Replicating Directory Changes
         access rights for the naming context:
         DC=xxxxxx,DC=com
         ......................... HT-SHILLS failed test NCSecDesc


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : xxxxxx

   Running enterprise tests on : xxxxxx.com



Would it be beneficial to pre-create an RODC account un ADUC?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now