Unable to RDP with one-way trust

We recently set up a one-way trust between two domains. Some admins, however, were unable to make RDP connections to the servers in the trusting domain even though they were in a group that was part of the Administrators group on the local servers. After providing login credentials for domain A, they'd get authenticated and begin to log in to computers in domain B, only to get this error:

Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine

This error occurs because we chose "selective authentication" when we created our one-way trust. We did that deliberately, as we wanted to selectively allow access to resources in domain B. Here's the fix...

  1. Open Active Directory Users and Computers.
  2. Click View and enable Advanced Features.
  3. Right-click the computer you need to allow access to and select Properties.
  4. Select the Security tab.
  5. Add the desired user or group and check Allow for "Allowed to authenticate".

That should get you going!
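The same grant can be scripted and then audited. The PowerShell below is an added example, not part of the original post: it assumes the ActiveDirectory RSAT module, is run in domain B, and uses placeholder names (`SERVER01`, `DOMAINA\RDP-Admins`). The GUID is the directory's "Allowed to Authenticate" control access right.

```powershell
Import-Module ActiveDirectory   # also provides the AD: drive used below

# Placeholder values (assumptions for this example)
$ComputerName = 'SERVER01'             # computer object in the trusting domain (B)
$Trustee      = 'DOMAINA\RDP-Admins'   # user or group from the trusted domain (A)

# rightsGuid of the "Allowed to Authenticate" extended right
$AllowedToAuth = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$computer = Get-ADComputer -Identity $ComputerName
$path     = "AD:\$($computer.DistinguishedName)"
$acl      = Get-Acl -Path $path

# Resolve the trustee across the trust to a SID
$sid = (New-Object System.Security.Principal.NTAccount($Trustee)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Skip the write if an explicit Allow ACE for this trustee already exists
$existing = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference -eq $sid -and
        $_.ObjectType -eq $AllowedToAuth -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $ExtendedRight)
    }

if (-not $existing) {
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $AllowedToAuth)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
}

# Audit: list every principal that holds the right on this computer
(Get-Acl -Path $path).Access |
    Where-Object { $_.ObjectType -eq $AllowedToAuth } |
    Select-Object IdentityReference, AccessControlType, IsInherited
```

Granting the right to a dedicated group from domain A, rather than to individual users, keeps the audit output short and makes later removal a group membership change.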
