Windows RODC/DMZ connection to trusted AD issue

dmz, rodc, windows-server-2012-r2

I have a really strange scenario... We have a server within a DMZ, which uses an RODC (Read-Only Domain Controller) for user authentication. The users are in a trusted third domain, something like this:

DMZserver -> RODC -> InternalDC -> TrustedDC -> User

This is all to allow us to RDP/log in to the DMZserver. It works currently for an older Windows 2008 R2 server, but when we attempt to use these new servers (set up basically identically: same network subnet, same firewall rules, validated communication with the RODC, etc.) it WILL NOT authenticate or communicate with the InternalDCs through the RODC.

I've looked at the replication and joined/rejoined the DMZServer to the internal domain several different times and in several ways. However, I continue to get a Netlogon issue; it won't connect to the RODC for DNS, time settings, login authentication, etc.

It's maddening, and I'm at a loss, so I'm hoping someone can give me some guidance or pointers on how I can gather some more information on this.

I have reviewed the question at
Windows Server 2012 R2 Standard located in our DMZ has problems with connection to RoDC

However, the solution presented there (the site name) does not solve my issue and has been tested multiple times.

Any help would be appreciated!

Best Answer

So we seem to have discovered a workaround for the issue at hand. We pre-populated and replicated the account details and passwords from the internal read/write domain controller to our Read-Only Domain Controller (RODC) within the DMZ sites. Once we had replicated/cached the computer details over to the RODC, this allowed the computer accounts (Windows 2012 R2 servers) to communicate properly.

We are still investigating with Microsoft, but hopefully this will help others who may be having similar odd behaviours with RODC systems in DMZ designs.

Please let me know if you have further questions around this issue, and I'll be happy to provide additional information.
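The workaround described in the answer (allow the DMZ servers' computer accounts in the RODC's Password Replication Policy, pre-populate their secrets, then verify) can be scripted from a writable DC or an RSAT host. The following is an added example and not the answerer's own script; the RODC name DMZ-RODC01, the writable source DC INT-DC01, the domain corp.example and the member server names DMZSRV01/DMZSRV02 are assumptions. Note that a PRP can only cache principals from the RODC's own domain, so this covers the DMZ servers' computer accounts in the internal domain, not the users in the trusted third domain, who are still authenticated by referral through the writable DCs.

```powershell
# Added example (not from the original post). Run as Domain Admin on a writable DC
# or a host with RSAT; all server and domain names below are assumptions.
Import-Module ActiveDirectory

$Rodc     = 'DMZ-RODC01'            # assumed RODC in the DMZ site
$SourceDc = 'INT-DC01'              # assumed writable DC to pull secrets from
$DmzHosts = 'DMZSRV01', 'DMZSRV02'  # assumed 2012 R2 member servers in the DMZ

# 1. Resolve the DMZ servers' computer accounts in the internal domain.
$accounts = foreach ($h in $DmzHosts) {
    Get-ADComputer -Identity $h -Server $SourceDc
}

# 2. Add only these computer accounts to the RODC's allowed Password Replication Policy.
#    Keep the allowed list to exactly the principals that must authenticate through
#    this RODC: anything on it can be cached on, and therefore recovered from, a box
#    that sits in the DMZ.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $accounts -Server $SourceDc

# 3. Pre-populate the secrets on the RODC now rather than waiting for a successful
#    logon to trigger caching (the logon is exactly what was failing).
$dns = $accounts | ForEach-Object { $_.DistinguishedName }
repadmin /rodcpwdrepl $Rodc $SourceDc @dns

# 4. Verify which accounts the RODC actually holds secrets for; the DMZ servers'
#    sAMAccountNames (NAME$) should now appear in the revealed list.
$expected = $DmzHosts | ForEach-Object { "$_`$" }
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts -Server $SourceDc |
    Where-Object { $_.SamAccountName -in $expected } |
    Select-Object SamAccountName, DistinguishedName

# 5. Then, from one of the DMZ servers, confirm the secure channel is now built with
#    the RODC and that DC location resolves to it:
#    nltest /sc_query:corp.example
#    nltest /dsgetdc:corp.example /force
#    Test-ComputerSecureChannel -Server DMZ-RODC01 -Verbose
```

Step 4 is the check worth keeping around: if a server's account is allowed by the PRP but never shows up under -RevealedAccounts, the RODC is still forwarding its authentication to the writable DCs, which is the path that was failing in the question.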
