"There are currently no logon servers available to service the logon request" when trying to log on to the domain from a member server via an RODC in a perimeter/DMZ network.
I can see SRV records in DNS for the RODC (in _msdcs and primary zone).
The member server is a member of "Allowed RODC Password Replication Group".
I added firewall rules on the RODC for the dynamic port range (49152-65535), TCP and UDP, but it didn't make a difference.
The TCP/IPv4 DNS settings for the member server point to the RODC as the primary DNS server. The assigned IP address is static; there's no DHCP in this DMZ network.
nslookups from the member server list the RWDCs when looking for SRV or NS records. It returns the closest RWDC as the "primary name server" when you look up SRV records.
I tried changing the RegisterSiteSpecificDnsRecordsOnly registry key on the RODC from 1 to 0, and granted write permissions to the RODC for the _msdcs and primary DNS zones. I didn't wait long for replication of this change. It didn't work. Should I have waited longer?
Reference: http://blogs.technet.com/instan/archive/2009/03/24/troubleshooting-rodc-s-troubleshooting-rodc-location-in-the-dmz.aspx
I tried each of these changes one at a time. Is it possible a combination of the changes is required?
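A troubleshooting script for the situation described in the post above, added here as an example and not part of the original post. It assumes PowerShell on Windows Server 2012 or later on the DMZ member server, and uses placeholder values for the domain name, the RODC host name and the AD site that the DMZ subnet is mapped to (all three are assumptions to replace with real values). It shows what the RODC's DNS server actually hands out for the generic and the site-specific LDAP SRV records (the records the DC locator uses to pick a DC), which DC and site nltest resolves to from this server, and whether the logon ports on the RODC are reachable through the DMZ firewall.

```powershell
# Added troubleshooting example, not code from the original post.
# Assumptions (placeholders, replace with your values):
#   $Domain - the AD DNS domain name
#   $Rodc   - the RODC's host name, which the member server uses as its DNS server
#   $Site   - the AD site the DMZ subnet is mapped to (the site the RODC serves)
$Domain = 'corp.example.com'
$Rodc   = 'dmz-rodc01.corp.example.com'
$Site   = 'DMZ'

# 1. Which DCs does the RODC's DNS return for the generic and the site-specific
#    LDAP SRV records? The DC locator tries the site-specific record first; if only
#    RWDCs appear in either list, the client will keep trying to reach DCs the
#    DMZ firewall blocks, which ends in "no logon servers available".
$generic = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Rodc -ErrorAction Stop
$siteRec = Resolve-DnsName -Name "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" -Type SRV -Server $Rodc -ErrorAction SilentlyContinue

'Generic SRV targets (_ldap._tcp.dc._msdcs):'
$generic | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority, Weight
"Site-specific SRV targets (_ldap._tcp.$Site._sites.dc._msdcs):"
if ($siteRec) {
    $siteRec | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority, Weight
} else {
    "  none registered for site '$Site' (check the RODC's site and RegisterSiteSpecificDnsRecordsOnly)"
}

# 2. Which DC does the locator on this member server actually pick, and which
#    site does it believe it is in? If the site is not the DMZ site, the subnet
#    is mapped to the wrong site in AD Sites and Services.
nltest /dsgetdc:$Domain /force
nltest /dsgetsite

# 3. Can this member server reach the RODC on the ports domain logon needs?
#    DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd, LDAPS; the dynamic
#    RPC range (49152-65535) the post already opened is needed on top of these.
$ports = 53, 88, 135, 389, 445, 464, 636
foreach ($p in $ports) {
    $r = Test-NetConnection -ComputerName $Rodc -Port $p -WarningAction SilentlyContinue
    '{0,-5} {1}' -f $p, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}
```

Run it from an elevated PowerShell prompt on the DMZ member server. The three outputs should agree: the site-specific SRV record should list the RODC, nltest should return the RODC's name and the DMZ site, and every port in the list should show as open. Whichever check fails points at the layer to fix (DNS records, site/subnet mapping, or firewall) rather than guessing at combinations of changes.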