I'm trying to use Folder Redirection on a Terminal Server for Users from another domain connected by an external trust.
- 2 Windows 2003 domains, Domain A and Domain B
- External (non-transitive) trust with selective authentication configured between domains
- Domain A trusts Domain B
- Domain B does NOT trust Domain A
- Windows 2003 Terminal Server exists in Domain A (trusting domain)
- Folder Redirection is used on Terminal Server to redirect 'Start Menu' and 'Desktop' for Users,
depending on what Security Group they are a member of. Folder redirection works fine for all
users in Domain A.
- User1 in Domain B (trusted domain) can successfully login to Terminal Server in Domain A (trusting domain), but Group Policy processing fails to apply, therefore Folder Redirection fails and User has access to all default programs instead of only those specified by the Folder Redirection.
Error messages in Application Log of Terminal Server when User1 logs in -
SOURCE: Userenv EventID: 1109
nB from a different forest logged onto this machine. Cross Forest Group Policy processing is disabled and loopback processing has been enforced in this forest for this user account.
SOURCE: Userenv EventID: 1055
Windows cannot determine the computer name (Access is denied). Group Policy processing aborted.
- User1 (Domain B) has been added to a Domain Local Security Group in Domain A which applies the Folder Redirection settings specified in a GPO applied to the OU where the Terminal Server resides in Domain A.
- Loopback processing is enabled for the mentioned GPO so User Configuration is mapped to anyone logging onto the Terminal Server. I don't need the User Policy from Domain B applied to the User at all, so the first error message (EventID: 1109) shouldn't matter.
I have everything configured and working correctly except the GPO that applies Folder Redirection for User1. Since the Terminal Server does not recognize the PC that User1 is using to login to the Terminal Server, Group Policy processing is aborted for that user.
Anyone have any ideas as to why loopback processing isn't working correctly, even though my Application Logs says that's the way it’s working?