Thousands of lsass connections from RODC to WDC

I have a RODC that has around 1500 lsass ESTABLISHED connections to 2 WDCs.  This RODC is the only RODC for a single site within our AD deployment.  If I run a netstat -b all these connections come back as follows:

[lsass.exe] TCP    <IP of RODC>:61366     <WDC01>:49155         ESTABLISHED
[lsass.exe] TCP    <IP of RODC>:61374     <WDC02>:49157         ESTABLISHED

There are roughly 800 to each of the WDCs, so 800 to WDC01 and 800 to WDC02.

All the users and computers in this RODC site are part of a group that is in the "Allow" setting for the RODC under the "Password Replication Policy" tab for the RODC in ADUC.  If I click on the Advanced button in the "Password Replication Policy" tab for the RODC all the users/computers I would expect to be listed in the "Accounts whose passwords are stored on this Read-only Domain Controller" are listed.  So I'm pretty darn sure the passwords are being cached at the RODC. 

I've done a bunch of reading about this, and the only thing I could find regarding this problem is the following hotfix: http://support.microsoft.com/kb/976449. However, this hotfix states that I should be seeing errors on the WDCs and that this should only happen with accounts that are not cacheable at the RODC. I am NOT seeing errors on the WDCs and I don't believe there are people trying to use this RODC that do not have cacheable accounts.

Can anybody point me in the right direction regarding this?
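An added diagnostic (not part of the original post) that automates the two checks described above: it counts lsass.exe ESTABLISHED connections per remote DC and port, then compares the accounts that have authenticated through the RODC with the accounts whose secrets the RODC has actually cached, so that any logon being forwarded to a writable DC shows up by name. It assumes the ActiveDirectory RSAT module, PowerShell 3.0 or later, and Get-NetTCPConnection (Windows 8 / Server 2012 or later); the RODC name is a placeholder.

```powershell
# Added diagnostic, not from the original post. Step 1 must run on the RODC;
# step 2 can run from any host with the ActiveDirectory module.
Import-Module ActiveDirectory

$rodc = 'RODC01.example.com'   # placeholder, replace with the RODC's name

# 1. Count lsass.exe ESTABLISHED connections per remote address and port.
#    This is the PowerShell equivalent of tallying the "netstat -b" lines.
$lsassPid = (Get-Process -Name lsass).Id
Get-NetTCPConnection -State Established -OwningProcess $lsassPid |
    Group-Object RemoteAddress, RemotePort |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 2. Accounts the RODC has cached secrets for ("revealed") versus accounts
#    that have authenticated through it. An authenticated account that is not
#    in the revealed list is not covered by the Allow list (or was denied),
#    so each of its logons is forwarded to a writable DC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $rodc -RevealedAccounts |
    Select-Object -ExpandProperty DistinguishedName
$authenticated = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $rodc -AuthenticatedAccounts |
    Select-Object -ExpandProperty DistinguishedName

$notCached = @($authenticated | Where-Object { $_ -notin $revealed })

"{0} accounts authenticated via {1}; {2} have cached secrets; {3} are NOT cached:" -f `
    @($authenticated).Count, $rodc, @($revealed).Count, $notCached.Count
$notCached
```

If the "NOT cached" list is empty and the per-DC connection counts still sit in the hundreds, the forwarding is not explained by the Password Replication Policy and the hotfix scenario in the post is the next thing to rule out.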
