I have an RODC set up in my AD and am getting multiple 5723 errors for machines. This RODC is in a site with 3 RWDC. Doing a DCDIAG shows all test pass except systemlog, which shows the 5723 and 5805 error messages. doing an nltest /SC_QUERY comes back with
a success.
These are SCCM cloned machines with a properly sysprepped image, and are properly joined to the domain. I have added domain computers and domain users to the PRP as allowed accounts. All machines are Windows 7 so I don't think the compatibility pack that is available is necessary here.
The machines that are failing are in the proper site, which has the proper subnets set up. What is really weird is that there are tons of machine properly authenticating to the server, and the machines that are denied auth are random from all subnets in the site.