Hi,
The KRBTGT password should be reset twice.
Before perform the first reset you should check the replication health of all domain controllers in the domain.
After the first reset , you should wait at least 10 hours to be should that all kerkeros tickets already delivered before the first reset are expired and renewed. If you don't respect this delay you can face authentication issue.
You can use the script below to reset the krbtgt for RODC and RWDC. You should test it before deploy it in production environment.
To reset KRBTGT password you can use the following script mentioned on this link :
This link will help you to have more details about the what the script can do:
krbtgt-account-password-reset-scripts-now-available-for-customers
Please don't forget to mark helpful reply as answer