So, You have read up on the big push for the Branch office Scenario Technologies that MS have released in Server 2008 - Server Core, RODC's, Bitlocker etc etc, and all seems great and wonderful...which it is, but you start running into some interesting little issues along the way...one, being the inability to install SQL 2005 full blown or Express Versions on an RODC....nice!
Now this is a funny little one, as considering you have deployed an RODC, chances are you have a single server, with a small user base on that site, and you would really really like to stick with a single server and have it take care of everything (which means server core probably isnt feasible)....And then you cop this nice little problem (exposed to me by Backup Exec 12.0) which nicely gives you the option of using a remote instance of SQL across a WAN....Not my idela situation...
What do you do? You have a few options
1) Use a remote instance of SQL and hope for the best (chances are it will work but i dont like cross WAN options when they can be avoided)
2) Use Windows Backup instead of BackupExec - Not a bad option really considering Symantec are, well, Symantec
3) Work around the problem instead of blanketly saying it cant be done...as per the following
- Problem as per my old Nemesis Symantec:
http://seer.entsupport.symantec.com/docs/290572.htm
Cause
This issue occurs because SQL Express and SQL Server 2005 cannot be installed on a Windows 2008 computer that is configured in a RODC role. Reason being, the RODC role does not allow the use of local accounts, which are required for SQL Express and SQL Server 2005.
Resolution
To resolve the issue, select a remote SQL instance for the Backup Exec database when installing Backup Exec on a RODC.
Wow.
That doesnt sit right with me personally....So here is a real fix.
1. Demote your RODC back to a member server....
2. Install Backup Exec 12.0 with its default settings - it will install SQL Express 2005 for you (note SQL express 2008 is a no go)
3. Change the Service Logon Accounts for SQL and Backup Exec to Domain Accounts
4. Promote your Server to an RODC
Wow, it magically all works...and not all that hard to figure out why....
James
"""""
Updating change from:" International ISDN Number (Others)" to "International ISDN Number (Others)" for locale 409, object inetOrgPerson-Display and property attributeDisplayNames.
Adprep was unable to complete because the call back function failed.
[Status/Consequence]
Error message: C:\WINDOWS\debug\adprep\logs\20080903175259\LDIF.log The process cannot access the file because it is being used by another process.
(0x80070020).
[User Action]
Check the log file ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20080903175259 directory for more information.
Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20080903175259 directory for more information.
""""""
So, what the hell does this error mean and why does it occur when you are running it on the Schema Master, with the Domain Administrator account, with nothing obvious to look at....and the log files are about as useful as my.....well......something useless....
Surprise Surprise - its McAfee 8.5i Enterprise edition that causes this, simply uninstall...run your adprep tools, and reinstall...
Such a simple solution for such a PITA non obvious issue...
Enjoy