RODC errors

Hi Experts,

I have running on one site a win2008 RODC.
The DNS Eventlogs are full with errors.
Always this error ID:4015

What exactly is the problem ?
Eprs_AdminSystem ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

OxygenITSolutionsCommented:
Have you tried looking here:

http://support.microsoft.com/kb/969488/en-us
0
Eprs_AdminSystem ArchitectAuthor Commented:
I have read it has to do with the DNS settings of the RODC.
When the RODC has its own DNS ROle, which NDS Server I have to enter on the RODC NIC settings ?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

SandeshdubeySenior Server EngineerCommented:
Ensure correct dns setting on RODC as below.

DNS setting on RODC.Recommended setting for RODC that's a DNS server, it should point to itself IP (not loopback address 127.0.01) as the primary DNS server.Writable DNS server's IP in a hub location should be the secondary/alternate DNS servers
http://technet.microsoft.com/en-us/library/cc742490(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd737255(v=ws.10).aspx

Best practices for DNS client settings on DC(Writable) and domain members.
 http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Once you are done with above run "ipconfig /flushdns & ipconfig /registerdns", restart NETLOGON service then DCDIAG for any errors.

Note:If the 4004 and 4015 events only appear at start up, you get these events because your zones are stored in AD and you only have one Domain Controller. AD cannot start with DNS, and when DNS starts, because AD has not started, DNS cannot load the zones in AD.You can usually ignore these errors. A true test of the sytem is to use DCdiag /verbose to see if you have any errors. If so, copy and paste the errors here so we can go through them.
0
Eprs_AdminSystem ArchitectAuthor Commented:
is it right, my RODC should be installed with the Global Catalog ?
Because now it is without.
0
Eprs_AdminSystem ArchitectAuthor Commented:
I cannot enlist :

DNS_ERROR_DP_DOES_NOT_EXIST     9901

Can it be, that the dns partition is not created ?

This is my command:
dnscmd SERVER1 /EnlistDirectoryPartition DomainDNSZones.domain.local

Can you help me to write it correctly ?
0
Eprs_AdminSystem ArchitectAuthor Commented:
now I have tested the RODC with DCDIAG.
No more errors within this test.

Is it still necesarry to enlist the RODC ?
0
compdigit44Commented:
Is this the first RODC in your domain? When you setup the RODC initially did you follow the steps outlined below.

http://technet.microsoft.com/en-us/library/cc772234%28v=ws.10%29.aspx

Also I assume your RODC is in a remote site. If so, is your WAN connection stable and reliable?
0
Eprs_AdminSystem ArchitectAuthor Commented:
Hi This is the first RODC and the only one.
I have taken over the RODC, so I cannot tell you about the installation.

I have set the 1.DNS IP address to itself, not loopback address.
And the RODC is now also a GC.
That I have changed.

Since 2 days we have a WAN over 60Mbits synchron.

Yesterday the DCDIAG was successful.
Today also but I have every day errors in the DNS logs.
Event ID 4015 from 20:22 until 21:53

What can it be ?
0
SandeshdubeySenior Server EngineerCommented:
If no error reported this indicates that health of RODC is good.You have enabled GC on RODC thats good.As the issue is coming at specific time check the event log in application/system etc at that specific time if any service/app causing the issue.Also check the same on RWDC for any errors in this specific time.

I will also recommend to disable thirdy part service and antivirus temporarly if installed and check.
0
compdigit44Commented:
Nice Work  Eprs_Admin!!!

Don't forget if it is your intention to have user log into the domain at the remote site when your WAN link in down, you would want to setup the caching the specific users passwords at this site on the RODC.

http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
0
Eprs_AdminSystem ArchitectAuthor Commented:
Hi Experts,

I have checked the period of errors on our other DC´s and the RODC.
In this time period nothing happens.
I have checked the eventlogs and the dns logs.

Just on the RODC I had the errors between 20:22 until 21:53, eventid 4015.
But last night all was ok, no more errors in the dns logs.
Just some warnings, but this is because the RODC gets a reboot each morning at 4:00 am.
0
Eprs_AdminSystem ArchitectAuthor Commented:
You wrote this:
____________________________
RODCs do not require any changes to client computers to allow them to use an RODC. Client computers running any of the following operating systems are supported for use with RODCs:

    Microsoft Windows 2000 Server

    Windows XP

    Windows Server 2003

    Windows Vista™

    Member servers running Windows Server 2008
______________________________________________________

But what about this, when my clients behind the RODC are Win7 clients ?
0
compdigit44Commented:
Windows 7 is fully support without any hotfixes to use and RODC

http://technet.microsoft.com/en-us/library/cc725669(v=ws.10).aspx#BKMK_ClientOS
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Eprs_AdminSystem ArchitectAuthor Commented:
very good. Thanks.
Now since 3 days no more errors like ID:4015
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.