NETLOGON errors (5805 and 5723) on RODC Server 2008
I'm trying to resolve an issue with NETLOGON errors in the system log that seem to have no noticeable problems from the user/workstation perspective. We have a RODC (Enterprise Server 2008 SP2) at a remote branch that has given the below errors for each computer at that site about every 80-90 minutes.

*****************************
5723: The session setup from computer 'CHILAP2' failed because the security database does not contain a trust account 'CHILAP2$' referenced by the specified computer.
5805: The session setup from the computer CHILAP2 failed to authenticate. The following error occurred: Access is denied.
******************************

I have all of the computer and user accounts in the "Allowed RODC password replication" group for this RODC. I have ensured there are no duplicated computer names or SIDs. I have run repadmin /showrepl and all is successful. I have rejoined each computer to the domain. I have even tested setting the "disabling the changing of machine account passwords" policy and rejoining to the domain. There are no replication errors to or from main office and this branch. I'm at a loss as to why these errors occur. Any advice would be greatly appreciated!!
July 2nd, 2010 6:39pm

Hi, Rather than unjoining and rejoining the systems, have you tried resetting the computer accounts through ADUC on a writable DC? -- Mike Burr
July 2nd, 2010 9:27pm

Hello, did you check this one before:
http://technet.microsoft.com/en-us/library/cc725669(WS.10).aspx
http://support.microsoft.com/kb/944043/en-us
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
July 5th, 2010 3:23pm

Issue resolved...the global security group all of these systems were in was removed from the "Allowed RODC password replication" group. Thanks for the tips!
July 6th, 2010 12:53am

I was having this issue and I had tried to add the computer accounts to the Allowed RODC Password Replication group with no success. But just now, after reading these posts, I tried a different way - by going into the computer properties (for each individual PC) and then the "member of" tab and adding the group to the "member of" list. Apparently that's the correct way... anyway, I will know by this afternoon whether or not this fixes it, but I bet it will, because I am only getting the errors on the RODCs. I am so glad I found this article - thanks guys!
July 22nd, 2011 10:45am
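
Added example, not part of the original thread or written by any of its posters: a PowerShell check that takes the computer names from the RODC's NETLOGON 5723 events and reports, for each one, the resultant password replication policy on that RODC and whether the password is currently cached there. It assumes the ActiveDirectory module (RSAT) on an admin workstation with PowerShell 3.0 or later and a domain controller that answers the module's queries; `BRANCH-RODC01` is a placeholder name.

```powershell
# Added example. Assumptions: ActiveDirectory module available, remote event log
# access to the RODC, and $Rodc replaced with the real RODC name (placeholder here).
Import-Module ActiveDirectory

$Rodc = 'BRANCH-RODC01'   # placeholder: the RODC that logs events 5723/5805

# 1. Pull the last day of NETLOGON 5723 events from the RODC's System log
#    and extract the computer name quoted in each message.
$events = Get-WinEvent -ComputerName $Rodc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5723
    StartTime = (Get-Date).AddDays(-1)
}
$names = $events | ForEach-Object {
    if ($_.Message -match "from computer '([^']+)'") { $Matches[1] }
} | Sort-Object -Unique

# 2. Accounts whose passwords are currently cached (revealed) on this RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts |
    Select-Object -ExpandProperty SamAccountName

# 3. For each failing computer, report the effective policy and its direct groups.
foreach ($name in $names) {
    try {
        $acct = Get-ADComputer -Identity $name -Properties MemberOf -ErrorAction Stop
    } catch {
        # Name appears in the event log but no computer account was found.
        [pscustomobject]@{ Computer = $name; ResultantPolicy = 'AccountNotFound'
                           CachedOnRodc = $false; DirectGroups = '' }
        continue
    }
    # Returns Allowed, DeniedExplicit, DeniedImplicit or Unknown.
    $policy = Get-ADAccountResultantPasswordReplicationPolicy -Identity $acct -DomainController $Rodc
    [pscustomobject]@{
        Computer        = $name
        ResultantPolicy = $policy
        CachedOnRodc    = $revealed -contains $acct.SamAccountName
        DirectGroups    = ($acct.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; '
    }
}
```

A computer that shows `DeniedImplicit` is in neither an allowed nor a denied group for this RODC, which is the membership question the posts above are working through.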

This topic is archived. No further replies will be accepted.
