{"id":42,"date":"2008-09-23T01:01:00","date_gmt":"2008-09-23T01:01:00","guid":{"rendered":"http:\/\/web03.partners.extranet.chrisse.com\/wordpress\/?p=42"},"modified":"2008-09-23T01:01:00","modified_gmt":"2008-09-23T01:01:00","slug":"windows-server-2003-domain-controllers-may-perform-automatic-site-coverage-for-rodcs","status":"publish","type":"post","link":"https:\/\/blog.chrisse.se\/?p=42","title":{"rendered":"Windows Server 2003 Domain Controllers may perform Automatic Site Coverage for RODCs"},"content":{"rendered":"<p style=\"margin-left: 36pt;\"><span style=\"font-family: Arial; font-size: 10pt;\"><strong>Note: <\/strong>Domain controllers running Windows Server 2003 do not consider RODCs when they evaluate site coverage requirements and may register its Domain Name System (DNS) service (SRV) resource records for a site that contains an RODC. As a result, they perform automatic site coverage for any site regardless of the presence of an RODC for the same domain. Consequently, client computers that attempt to discover a domain controller in the RODC site can also find the domain controller that is running Windows Server 2003 and may not authenticate to the RODC. <\/span><\/p>\n<p>&nbsp;<\/p>\n<p style=\"margin-left: 36pt;\"><span style=\"font-family: Arial; font-size: 10pt;\">There are a few possible solutions for this problem: <\/span><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<ol style=\"margin-left: 72pt;\">\n<ol style=\"margin-left: 72pt;\">\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Apply the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients (http:\/\/support.microsoft.com\/kb\/944043\/en-us)<br \/>\n(This hotfix has to be applied to all Windows Server 2003 DCs that may perform automatic site Coverage)<br \/>\n<\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol style=\"margin-left: 72pt;\">\n<ol style=\"margin-left: 72pt;\">\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Ensure that only domain controllers running Windows Server 2008 are present in the site closest to the RODC site.<br \/>\n<\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol style=\"margin-left: 72pt;\">\n<ol style=\"margin-left: 72pt;\">\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Configure the weight or the priority of the DNS SRV records so that clients are more likely to authenticate with the RODC than with a remote Windows Server 2003 domain controller.<br \/>\n<\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol style=\"margin-left: 72pt;\">\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Disable automatic site coverage on domain controllers running Windows Server 2003 present in the site closest to the RODC site. <\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"font-family: Arial; font-size: 10pt;\">How to disable automatic site coverage: <\/span><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Click Start, click Run, type <strong>regedit<\/strong>, and then click OK. <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Navigate to the following registry subkey <strong>HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters<\/strong> <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Click Edit, point to New, and then click <strong>DWORD<\/strong> Value. <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Type<strong> AutoSiteCoverage<\/strong> as the name of the new entry, and then press <strong>ENTER<\/strong>. <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Double-click the new <strong>AutoSiteCoverage<\/strong> registry entry <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Under Value data, type <strong>0<\/strong> to disable automatic site coverage. 1 = to enable it. <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">Click Start, Click Run, type <strong>cmd<\/strong> and then click OK. <\/span><\/li>\n<\/ol>\n<\/ol>\n<p>&nbsp;<\/p>\n<ol>\n<li><span style=\"font-family: Arial; font-size: 10pt;\">In the Command Prompt, type the following command:<br \/>\n<strong>nltest \/dsregdns <\/strong>or restart the <strong>netlogon<\/strong> service <\/span><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Note: Domain controllers running Windows Server 2003 do not consider RODCs when they evaluate site coverage requirements and may register its Domain Name System (DNS) service (SRV) resource records for a site that contains an RODC. As a result, they perform automatic site coverage for any site regardless of the presence of an RODC for &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.chrisse.se\/?p=42\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Windows Server 2003 Domain Controllers may perform Automatic Site Coverage for RODCs&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[6],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-active-directory"],"_links":{"self":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42"}],"version-history":[{"count":0,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.chrisse.se\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}