Hello,
In a 2-way transitive forest trust, for client authentications to work successfully for Kerberos and NTLM, must all DCs in a trusting domain be able to establish secure channels with all DCs in a trusted domain?
So if a firewall blocks a DC in a trusting domain from establishing a secure channel with a DC in a trusted domain, an authentication request will fail; however, if at least one or two DCs in a trusting domain can establish secure channels with one or two DCs in the trusted domain, the authentication request will succeed, correct?
The essence of this question is: if we have 25 DCs in Domain A and 50 DCs in Domain B, we don't have to open firewall ports for the 25 in Domain A to establish secure channels with the 50 in Domain B and vice versa? In this case, all we need to do is open firewall ports for the PDCe DC in Domain A and Domain B, then 2 or 3 DCs in Domain A to communicate with 2 or 3 DCs in Domain B, correct?
Thanks for your help!
SdeDot