Hello everyone,
I set up an external one-way trust from a Windows 2008 R2 domain (A) trusting a Windows 2003 domain (B).
Validation works, but if I try to add a B domain user to an A domain group I get prompted for remote credentials (B domain). It should not happen and that membership does not work.
If I verify with netdom I get:
netdom TRUST A.fqdn /D:B.fqdn /verify
The command failed to complete successfully.
Even if I provide UO and UD credentials.
Unfortunately there is no detailed error.
The only thing I noticed is a warning event ID 40961 source LsaSrv.
The Security System could not establish a secured connection with the server
ldap/DC1.B.fqdn/B.fqdn@B.FQDN. No authentication protocol was available.
Same warning is present for DC2.B.fqdn on a test A domain member machine I used to test the group membership above.
I verified network connectivity anyway with PortQuery and even by nltest, but everything is ok.
Additionally I tried to disable SID filtering, but I always receive "access is denied". I did it from both DCs and always with domain admin rights.
I am not responsible for domain B, so I am still not sure that there is no policy that goes against this trust.
What else?
Thank you for your help
Andrea