<div>
Does it matter which subnet they are on when the failure occurs?<br />
<br />
It is sounding like either a DNS problem, or a replication problem between the DC's.<br />
<br />
I would try and use repadmin to force replication between the DC's and watch the logs on the Watchguard to see if you are getting any ports blocked.. <br />
<br />
Also, how is your DNS configured? &nbsp;Your subnet Y probably needs to point to DCx first and then DCy, since the RODC may be having issues with the initial machine login. &nbsp;My thought is that it may be triggering a machine password change, which the RODC isn't able to handle.<br />
<br />
Coralon
</div>


Does it matter which subnet they are on when the failure occurs?

It is sounding like either a DNS problem, or a replication problem between the DC's.

I would try and use repadmin to force replication between the DC's and watch the logs on the Watchguard to see if you are getting any ports blocked..

Also, how is your DNS configured?  Your subnet Y probably needs to point to DCx first and then DCy, since the RODC may be having issues with the initial machine login.  My thought is that it may be triggering a machine password change, which the RODC isn't able to handle.

Coralon

<div>
Are you using a Password replication Policy on your RODC?
</div>


Are you using a Password replication Policy on your RODC?

<div>
<div class="content wysiwyg-content">
Hi <br />
I have a subnet X with DCx and I have a subned Y with DCy which is a read only. I'm using a watchguard firewall where AD authentication on ports are allowed <br />
TCP:3268,135,445,139,137,5<wbr />3,88,389,4<wbr />9156,49155<wbr />,49158,326<wbr />9,25,5722,<wbr />464,9389<br />
UDP:,138,53,88,445,123,464<wbr />,389<br />
Whe a new user is loging into a computer for first time Trust relationship betweem DC and computer fails.<br />
I want all computers from subned Y to be authenticated by DCy and I want to make changes on DCx which will be replicated to DCy
</div>
</div>


Hi 
I have a subnet X with DCx and I have a subned Y with DCy which is a read only. I'm using a watchguard firewall where AD authentication on ports are allowed 
TCP:3268,135,445,139,137,53,88,389,49156,49155,49158,3269,25,5722,464,9389
UDP:,138,53,88,445,123,464,389
Whe a new user is loging into a computer for first time Trust relationship betweem DC and computer fails.
I want all computers from subned Y to be authenticated by DCy and I want to make changes on DCx which will be replicated to DCy

read only DC authentication

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Windows Networking

Networking software modules are interfaced with a framework implemented on the machine's operating system that implements the networking functionality of the operating system. The best known frameworks are the TCP/IP model and the OSI model. Systems typically do not use a single protocol to handle a transmission. Instead they use a set of cooperating protocols, sometimes called a protocol family or protocol suite.[9] Some of the best known protocol suites include: IPX/SPX, X.25, AX.25, AppleTalk and TCP/IP. Other protocols indirectly related to networking include the hypertext transfer protocol (HTTP) and its related technologies, Dynamic Host Configuration Protocol (DHCP), Domain Name Server (DNS) and other Internet protocols.