Computers not authenticating to RODC in their site

active-directory, netlogon, rodc

I've got an RODC in our local site and a PDC in our co-location facility. I run SET on any of the computers in our local site and they all say LOGONSERVER='PDC'. They should all be authenticating to the local RODC but they don't seem to want to.

I looked at the logs of the RODC and I get a few spaced out errors coming from NETLOGON:

The session setup from the computer COMPUTERNAME failed to authenticate. The following error occurred: Access is denied.

A search for that error led me here but none of the solutions seem to be of any help (or maybe I'm not using the solutions correctly?)

Has anyone remedied this error before? Can someone point me in the correct direction?

Best Answer

Just like users, you have to add computer objects to the policy allowing the RODC to authenticate them (link). The easiest way is to create a group of those computer objects and add them to the policy with Allow. Also keep in mind that Site configuration can affect which DC a station will contact.
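One way to carry out the steps in the answer above from PowerShell, as an added example that is not part of the original answer: build a group of the branch computers, add it to the RODC's Password Replication Policy with Allow, confirm what the RODC has actually cached, and then check the site and subnet mapping the answer mentions. The domain name, RODC name, OU path and group name below are assumptions for illustration; the cmdlets are the standard ActiveDirectory module ones.

```powershell
# Added example, not code from the original page.
# Assumed names: domain contoso.com, RODC "RODC01",
# branch OU "OU=Branch,DC=contoso,DC=com", group "RODC01-Cached-Computers".
Import-Module ActiveDirectory

$Rodc      = 'RODC01'
$BranchOU  = 'OU=Branch,DC=contoso,DC=com'
$GroupName = 'RODC01-Cached-Computers'

# 1. One security group holding the branch workstations, so the policy
#    stays readable and auditable instead of listing computers one by one.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Path $BranchOU -Description "Computers whose secrets $Rodc may cache"
}
$Computers = Get-ADComputer -SearchBase $BranchOU -Filter *
Add-ADGroupMember -Identity $GroupName -Members $Computers

# 2. Put the group on the RODC's Allowed list. Denied entries take precedence
#    over Allowed ones, so review both lists, not just the one you changed.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $GroupName
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed | Select-Object Name
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied  | Select-Object Name

# 3. Show which accounts the RODC has actually cached. A workstation that now
#    authenticates against it appears here after its next secure-channel setup.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Where-Object ObjectClass -eq 'computer' | Select-Object Name

# 4. Site check: the client's subnet must map to the RODC's site, otherwise
#    the DC locator has no reason to prefer the RODC over the PDC.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADDomainController -Identity $Rodc | Select-Object Name, Site, IsReadOnly

# Run this on a branch workstation: it prints the DC the locator returns,
# which should now be the RODC rather than the PDC.
nltest /dsgetdc:contoso.com /force
```

The built-in "Allowed RODC Password Replication Group" is already on every RODC's Allowed list, so adding the computer accounts to that group instead of a custom one also works; a dedicated per-RODC group is simply easier to scope to one site.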