RODC in DMZ LAN
Hi, I just set up an RODC in the DMZ LAN. This RODC has one-way replication to the RWDC (Win 2008). I created a Win 2003 server in the DMZ LAN and tried to log in, but I am unable to log in. I did adprep /rodcprep and joined to the domain successfully. At first I thought it might be the replication time, but it has been 5 hours and I am still not able to log in. Am I missing anything? Thanks.
September 19th, 2012 6:53am

Check firewall ports: http://technet.microsoft.com/en-us/l...23(WS.10).aspx http://www.arabitpro.com
September 19th, 2012 7:41am

Please check the articles below. http://technet.microsoft.com/en-us/library/dd728035(WS.10).aspx http://support.microsoft.com/kb/977510 Thanks
September 19th, 2012 7:42am

Hi, thanks. Just to clarify: I can log in to the RODC Win 2008 server as a domain admin but can't log in to the Win 2003 server with any DC accounts. When I tried to do "Prepopulated password" I get the error message "Passwords for none of the accounts could be prepopulated. The following error was encountered. The specified server cannot perform the requested operation." Any thoughts?
September 19th, 2012 8:23am

One quick question: you have a Windows 2008 RWDC and RODC, is that right? And the Windows 2003 server is located in the DMZ? http://www.arabitpro.com
September 19th, 2012 8:28am

Hi, in the DMZ I have a Win 2008 RODC. This RODC is supposed to get replication from the Win 2008 RWDC outside of the DMZ. The Windows 2003 server is just a server located in the DMZ. I am trying to log in from this server and hoping that my logon server is the RODC. This Win 2003 server was joined to the domain successfully and is able to search for computers in AD, but I am not able to log in with an AD account. Thanks.
September 19th, 2012 8:40am

Also, when I checked the Sysvol folder on the RODC, under c:\windows\SYSVOL\sysvol\my.domain\ there is nothing. So is it safe to manually copy the Policies and Scripts folders from the RWDC? Could this be the reason for my issue? Thanks.
September 19th, 2012 8:43am

Please understand that an RODC must replicate domain updates from a writable domain controller that runs Windows Server 2008. http://www.arabitpro.com
September 19th, 2012 8:44am

Hi, yes, I have a Win 2008 RWDC outside of the DMZ. In AD Sites and Services this is what is shown:
DMZ site - servers - RODC - NTDS settings
  name                        from server
  RODC                        RWDC
LAN site - servers - RWDC - NTDS settings
  name                        from server
  <automatically generated>   another DC (writable win 2003 DC)
So I think the replication part is working, as it is one-directional replication as it is supposed to be. Thanks.
September 19th, 2012 8:57am

Have you read this? http://support.microsoft.com/kb/944043 http://www.arabitpro.com
September 19th, 2012 9:14am

Yes, I came across it, but I am not sure it is relevant to me and I don't know where I need to change this registry setting, on the RODC or the RWDC? Thanks again.
September 19th, 2012 9:18am

How can I check which ports are open on the RODC? Thanks.
September 19th, 2012 9:43am

The netstat command will show you which ports are open or in use:
  netstat -an |find /i "listening"
You can also change "listening" to "established" to see what ports your server actually communicates with:
  netstat -an |find /i "established"
Also, you can use Sysinternals TCPView. TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Regards, Santosh
I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
September 19th, 2012 12:10pm
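
The netstat check from the answer above, scripted as an added example (not part of the original thread): it parses `netstat -an` output and reports which TCP ports from a list of well-known domain controller service ports have no listener. The port list and the sample output are assumptions constructed for illustration; the thread itself names no ports.

```python
import re

# Assumption: well-known DC service ports chosen for this example.
AD_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
            445: "SMB", 464: "Kerberos password change", 636: "LDAPS",
            3268: "Global Catalog"}

# Constructed sample of `netstat -an` output (not captured from a real server).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:53          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49180       198.51.100.5:389       ESTABLISHED
  TCP    [::]:88                [::]:0                 LISTENING
  UDP    0.0.0.0:88             *:*
  UDP    192.0.2.10:53          *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return (listening {(proto, port)}, established {(remote_addr, remote_port)})."""
    listening, established = set(), set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _local, port, foreign, state = m.groups()
        if proto == "UDP" or state == "LISTENING":
            listening.add((proto, int(port)))   # UDP rows have no state column
        elif state == "ESTABLISHED":
            raddr, _, rport = foreign.rpartition(":")
            established.add((raddr, int(rport)))
    return listening, established

def missing_tcp_ports(listening, expected=AD_PORTS):
    """Expected TCP service ports that nothing is listening on."""
    have = {port for proto, port in listening if proto == "TCP"}
    return sorted(set(expected) - have)

if __name__ == "__main__":
    listening, established = parse_netstat(SAMPLE)
    print("missing:", [(p, AD_PORTS[p]) for p in missing_tcp_ports(listening)])
    print("established to:", sorted(established))
```

A port that is listening on the RODC can still be blocked by the DMZ firewall, so this confirms only the server side of the connection.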

This topic is archived. No further replies will be accepted.
