If you've a forest trust with selective authentication you may get the following error when trying to authenticate with users or groups between the forest domains:
Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine.
Error Code: 1935
Either you switch to domainwide authentication in you trust settings (just remcommended when the two forests belongs to the same company...), or you have to explicit allow the specific user or group to authenticate against the computer in the other forest.
To resolve the issue, open Active Directory Users and Computers --> enable Advanced Features on View tab --> Select the Computer Object --> Properties --> Security --> Add the User or Group you want to authenticate and check Allowed to Authenticate
No comments:
Post a Comment