Active Directory Forest Trust stops working
Posted on 2013-01-04
I have two Windows 2008 R2 Active Directory forests, which I'll call ForestA and ForestB. ForestB trusts ForestA via a one-way external trust. I have file shares and SQL databases in ForestB that are accessed using domain accounts from ForestA.
Everything was working great until ForestA accounts started getting access denied when accessing the ForestB resources. I saw NETLOGON 3210 events on the ForestB domain controllers listing the following:
This computer could not authenticate with \\FORESTA_Domain_Controller_name_here, a Windows domain controller for domain mydomain.com, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
I also saw the same events on the ForestA domain controllers with the logs listing ForestB DCs in the body of the event log message.
I deleted and re-created the trust and everything worked fine again. However, a few weeks later this issue happened again. I've had to delete and re-create the trust a few times now but want to stop this from happening.