wannabecraig
asked on
read only DC authentication
Hi
I have a subnet X with DCx and I have a subnet Y with DCy, which is a read-only DC. I'm using a WatchGuard firewall where AD authentication on these ports is allowed:
TCP: 3268,135,445,139,137,53,88,389,49156,49155,49158,3269,25,5722,464,9389
UDP: 138,53,88,445,123,464,389
When a new user logs into a computer for the first time, the trust relationship between the DC and the computer fails.
I want all computers from subnet Y to be authenticated by DCy, and I want to make changes on DCx which will be replicated to DCy.
Are you using a Password Replication Policy on your RODC?
It sounds like either a DNS problem or a replication problem between the DCs.
I would try to use repadmin to force replication between the DCs and watch the logs on the WatchGuard to see if any ports are getting blocked.
Also, how is your DNS configured? Your subnet Y probably needs to point to DCx first and then DCy, since the RODC may be having issues with the initial machine login. My thought is that it may be triggering a machine password change, which the RODC isn't able to handle.
Coralon
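The checks suggested in the question and the answer (are the listed ports actually reachable through the firewall from subnet Y, which DC a subnet Y client is really using, what the RODC's Password Replication Policy allows, and forcing DCy to pull from DCx with repadmin) can be run from one script. This is an added example and is not code from either poster; the hostnames dcx.example.com, dcy.example.com and the domain example.com are placeholders, and the ActiveDirectory cmdlets assume the RSAT module is installed on the machine you run it from.

```powershell
# Added example (not from the original post). Run on a domain-joined machine in
# subnet Y as a user who can read the RODC's Password Replication Policy.
# Placeholders: replace the three values below with your own names.
$DCx    = 'dcx.example.com'   # writable DC in subnet X (placeholder)
$DCy    = 'dcy.example.com'   # RODC in subnet Y (placeholder)
$Domain = 'example.com'       # AD DNS domain name (placeholder)

# 1. Port reachability. These are the TCP ports from the question. Note that
#    Test-NetConnection only probes TCP, so the UDP list (138,53,88,445,123,464,389)
#    has to be verified in the WatchGuard traffic log instead.
$TcpPorts = 3268,135,445,139,137,53,88,389,49156,49155,49158,3269,25,5722,464,9389
$PortResults = foreach ($dc in $DCx, $DCy) {
    foreach ($port in $TcpPorts) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $port; Open = $r.TcpTestSucceeded }
    }
}
"== TCP ports blocked by the firewall (should be empty) =="
$PortResults | Where-Object { -not $_.Open } | Format-Table -AutoSize

# 2. Which DC this client actually locates and authenticates against. /force
#    bypasses the cached locator result so you see the current answer.
"== DC locator result for this client =="
nltest /dsgetdc:$Domain /force

# 3. Is this computer's secure channel (the 'trust relationship') healthy, and
#    with which DC? -Verbose prints the DC the channel was established with.
"== Secure channel test =="
Test-ComputerSecureChannel -Verbose

# 4. Password Replication Policy on the RODC: which accounts it is allowed to
#    cache, and which it has actually cached. A new user or a new computer account
#    that is not in the Allowed list cannot be authenticated by DCy on its own;
#    DCy has to forward the request to a writable DC such as DCx.
Import-Module ActiveDirectory
"== PRP: accounts allowed to be cached on $DCy =="
Get-ADDomainControllerPasswordReplicationPolicy -Identity $DCy -Allowed |
    Select-Object Name, ObjectClass | Format-Table -AutoSize
"== Accounts whose passwords are currently cached on $DCy =="
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $DCy -RevealedAccounts |
    Select-Object Name, ObjectClass | Format-Table -AutoSize

# 5. Force DCy to pull all naming contexts from its partners (an RODC only
#    replicates inbound, so this is the direction DCx -> DCy the question wants),
#    then show the replication summary and any failures.
"== Forcing inbound replication to $DCy =="
repadmin /syncall $DCy /Ade
repadmin /showrepl $DCy
repadmin /replsummary
```

Read the output top to bottom: a non-empty table in step 1 points at the firewall, a step 2 result naming a DC outside subnet Y points at DNS or site/subnet configuration, a failed step 3 is the trust failure itself, an empty Allowed list in step 4 means DCy can never cache the users or computers in subnet Y, and errors in step 5 are the replication problem the answer describes.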