I have a one way trust with an external domain. I am a domain admin on my domain and have a domain user account in the remote domain (domainA). My domain (domainB) is trusting the remote domain. We normally add users from domainA to domain local security groups in domainB. This allows remote users to authenticate to application servers in domainB. The AD upgrade process from 2003 server to 2008R2 has recently been started on both domainA and domainB. Both domains are still 2003 functional levels. DomainB has both 2008R2 and one 2003 DC.
The problem is that when I try to open a security group in domainB, the SID's are not resolved to friendly names. I have a wireshark capture of attempting to enumerate the objects that have been added to the security group from domainB (clicked on the "members" tab) and have seen the DC in domainB connect to a DC in domainA. DomainA replies with a message: NCA_S_ACCESS_DENIED.
The following failure audit recorded in the security event log of a DC in domainA:
EventID: 4625Security ID: Null SID
Account Name: DC_domainB$
Account Domain: domainB
Failure Reason: Unknown username or bad password
I am confused why domainA would care about username/passwords when that domain has a trust established with domainB?
Thanks in advance for the help.
