If the bridgehead replication partner of an RODC becomes unavailable, the KCC
on the RODC builds a connection to another partner. By default, this happens
after about two hours, which is the same for a writable domain controller.
However, the FRS connection object on an RODC must use the same target as the
connection object that the KCC generates on the RODC for Active Directory
replication. To achieve this, the fromServer value on the two
connections is synchronized.
However, the trigger for changing
the fromServer value on the FRS connection object is not the creation of
the new connection; instead, it is the removal of the old connection. The
removal step happens some hours after the new connection object is created.
Consequently, the fromServer value continues to reference the original
partner until the old connection is removed by the KCC.
A side effect of this is that while Active Directory replication works
successfully against the new partner, FRS replication fails during this period.
The additional delay is by design—it avoids causing FRS to perform an expensive
VVJoin operation against the new partner, which is unnecessary if the outage of
the original partner is only temporary.
0 Comments