No announcement yet.

one way forest trust not authenticating

  • Filter
  • Time
  • Show
Clear All
new posts

  • one way forest trust not authenticating

    Hi, I recently promoted a member server to an entirely new forest (DC, tree, etc). It's a single server in the forest. there is a one way trust between OLD-Domain and NEW-Domain. NEW-Domain trusts accts in OLD-Domain, but NOT ice versa (OLD-Domain is trusted by NEW-Domain).

    Funny thing is, when certain users from OLD-Domain are trying to access a shared folder (SHARE and File permissions are set to Everyone, full-control), it prompts for authentication. Other users (particularly those that were migrated from local user accts to domain user accounts during the dcpromo process are not required to authenticate). Dont know why. I had to create a user account in NEW-domain to allow a user from OLD-Domain to map a network drive using a "different name"(with reconnect at logon). And yet it still prompts for UID & PWD. If I synchronize the passwords of the two domain accounts (if they are spelled the same) then it works well, but then that would defeat the purpose of the trust.

    If I dont use a different name during the mapping, then the error I get "The mapped network could not be created because the following event has occured: Logon Failure: The target name is incorrect." This is very strange to me because, like I said, it doesn't happen to very user trying to connect to this share. If I use the net use comand, the system error is 1396 "Logon Failure: The target account name is incorrect."

    I've seen some info about not being able to find the SPN, but wouldn't this happen to all users trying to connect? Anyone know what's going on?