I have just installed a Windows 2003 Enterprise server in Windows 2000 DomainA (DMZ). DomainA has a one-way trust with Windows 2000 DomainB (Internal). The domains are separated via a PIX firewall and the DCs communicate via dedicated PPTP connections through the firewall. All works well: users in DomainB can access resources in DomainA and can log on to servers in DomainA via Terminal Services administration mode using DomainB credentials. But the Windows 2003 box is not able to authenticate to DomainA. When logging on via RDC I get the error below.
Event Type: Error
Event Source: Winlogon
Event Category: None
Event ID: 1219
Date: 8/26/2004
Time: 10:49:34 AM
User: N/A
Computer: APP1A
Description:
Logon rejected for DomainA\lpaschall. Unable to obtain
Terminal Server User
Configuration. Error: The specified domain either does
not exist or could not be contacted.
In the security event log I show a successful logon, though. And I can log on to DomainB on the Windows 2003 box when using the console.

What is also strange is that DomainB appears in the drop-down box at logon. I have added a group in DomainA that contains users from DomainB to the RDP permissions, but I cannot add users or groups directly from DomainB to the Remote Desktop Users group. It only allows users to be added, and since we have a one-way trust between the domains I cannot add users from DomainB.

Is this a limitation of Windows 2003 and Remote Desktop? We can remotely manage all of our Windows 2000 boxes this way using Terminal Services administration mode. I also experience this exact same issue on another Windows 2003 Web Edition box.