Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Set RDP server to authenticate with RODC

Posted on 2013-01-09
2
Medium Priority
?
782 Views
Last Modified: 2013-04-03
I have 2 forests, A and B, connected with a 2 way trust over a VPN tunnel.
In Forest A, I have an RDP Server.
Users in Forest B can login to the RDP Server using their own domain credentials, but logon is slow as it authenticates back with the domain controllers in Forest B.

I have installed a Read Only Domain Controller (Forest B) in Forest A, hoping to speed up the authentication. However, when users that logon to the RDP server is still authenticating back to the old DC in Forest B, rather than the RODC in Forest A.

How can I make them authenticate to the RODC?

I have granted the users membership to "Allowed RODC Password Replication Group", as well as verified that their accounts are visible in the "Accounts whose passwords are stored in this Read-only Domain Controller".
I have also the domain controllers assigned correctly to the 2 Sites with correct subnets in Active Directory sites and services.
0
Comment
Question by:frukeus
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 38761451
i have a think about that.
the behaviour mainly driven by the 2 way trust setup
if you have setup your 2 way trust to go over the VPN, it will fly over the VPN.

so i think you need to change your 2 way trust to trust the RODC.

but i am guessing there must be something prohibited not to trust a rodc
0
 
LVL 1

Author Closing Comment

by:frukeus
ID: 39043474
I read somewhere that the 2 way trust will always check with the DC first instead of RODC.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question