I have recently introduced 2 new WDCs into my internal site. I have an edge network that has an RODC in it.
Since the introduction of the WDCs I am getting the following error:
The Knowledge Consistency Checker located a replication connection for the local read-only directory service and attempted to update it remotely on the following directory service instance. The operation failed. It will be retried.
Additional Data
Connection:
CN=RODC Connection (FRS),CN=NTDS Settings,CN=RODC01,CN=Servers,CN=<edge site>,CN=Sites,CN=Configuration,DC=<domain>,DC=com
Remote Directory Service:
CN=NTDS Settings,CN=WDC02,CN=Servers,CN=<internal site>,CN=Sites,CN=Configuration,DC=<domain>,DC=com
Additional Data
Error value:
Insufficient access rights to perform the operation. 8344
If I open up ADSIEdit and check CN=RODC01,CN=Servers,CN=<edge site>,CN=Sites,CN=Configuration,DC=<domain>,DC=com, I see 1 nTDSConnection object. The fromServer attribute on this object is set to WDC03. If I do a repadmin /showrepl on RODC01, the replication partner comes back with WDC02 (which is the update the RODC is trying to make). So the two values do not match, which is no good at all. When I introduced the new WDCs the site topology/replications must have changed, as there are events about removing the existing replication link and creating a new one in the Directory Services event log.
Shouldn't the RODC be able to update its own nTDSConnection object? I'm pretty sure I can just update the fromServer attribute manually and the error will go away, but what happens when the replication topology changes again? This error will come back, I would imagine. Any ideas?
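
The comparison described in the post (fromServer on the RODC's nTDSConnection object versus the partner reported by repadmin /showrepl) can be scripted so it is easy to re-run after a topology change. This is an added example, not part of the original post. It assumes the ActiveDirectory PowerShell module is available, the account can read the Configuration partition, and the `<edge site>` and `<domain>` placeholders are filled in; the list of DCs to query is an assumption based on the names in the post.

```powershell
# Added example: read-only diagnostic, changes nothing in the directory.
Import-Module ActiveDirectory

$Rodc      = 'RODC01'   # RODC host name as used in the post
# Server object of the RODC; replace the <...> placeholders before running.
$ServerDn  = 'CN=RODC01,CN=Servers,CN=<edge site>,CN=Sites,CN=Configuration,DC=<domain>,DC=com'
# DCs whose copy of the connection object should be read (assumed list).
$QueryFrom = @('RODC01', 'WDC02', 'WDC03')

# 1. Inbound partner(s) the RODC is actually replicating from.
#    Partner is the DN of the source DC's NTDS Settings object,
#    the same form that fromServer uses.
$actual = Get-ADReplicationPartnerMetadata -Target $Rodc -Partition * |
    Select-Object -ExpandProperty Partner -Unique

# 2. fromServer on the RODC's nTDSConnection object(s), as seen by each DC.
#    A value that differs between DCs means the RODC's update has not
#    been written to (or replicated from) a writable DC.
$report = foreach ($dc in $QueryFrom) {
    Get-ADObject -Server $dc -SearchBase $ServerDn -SearchScope Subtree `
        -LDAPFilter '(objectClass=nTDSConnection)' `
        -Properties fromServer, whenChanged |
    ForEach-Object {
        [pscustomobject]@{
            ReadFrom      = $dc
            Connection    = $_.Name
            FromServer    = $_.fromServer
            WhenChanged   = $_.whenChanged
            MatchesActual = $actual -contains $_.fromServer
        }
    }
}

"Actual inbound partner(s) of ${Rodc}:"
$actual
$report | Format-Table -AutoSize
```

Rows where MatchesActual is False show which DC still holds a stale fromServer value for the connection named in the event.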