Hi,
First some background information on my setup:
Office Site = 2 DCs DOMAIN A, 1 DC DOMAIN B
Datacentre Site = 1 DC DOMAIN A, 1 DC DOMAIN B
DMZ Site = 1 RODC DOMAIN A, 1 RODC DOMAIN B
There is a two-way selective forest trust between DOMAIN A and DOMAIN B. All resource servers are in DOMAIN A. Users in DOMAIN B authenticate to DOMAIN A servers.
A TMG server separates the Office site (internal) from the DMZ site. A TMG rule exists to allow the DOMAIN A RODC to communicate with only the PDC in DOMAIN A (which is in the office site). Another rule allows the DOMAIN B RODC to communicate only with the PDC of DOMAIN B (which is in the office site). I have seen from the TMG logs that the RODCs do attempt to talk to all the internal RWDCs, but this is denied. TMG logs also show allowed connections to the internal PDCs.
When the RODCs are switched on, the following problems occur:
1. A member server in DOMAIN A in the DMZ site cannot contact the domain. It does not communicate with the RODC.
2. Some DOMAIN A member servers fail to authenticate DOMAIN B users.
   a) Another set of TMG servers in the Datacentre Site which publish OWA for DOMAIN B Exchange servers are unable to authenticate DOMAIN B users.
   b) Remote Desktop Web & Gateway servers in the Office Site are unable to authenticate DOMAIN B users.
When the RODCs are switched off, the Datacentre TMG servers and Office Remote Desktop servers are able to authenticate DOMAIN B users again.
Any help would be great!