Why would two trusted Active Directory Domains not allow access to AD accounts even though Smoothwall IPSec tunnels are open through all ports and the trust reports functioning?

In an environment in which two Smoothwalls are deployed, they are connected through an IPSec tunnel and all ports are open.  One separate Windows domain are deployed behind each Smoothwall for a total of 2 Domains.  A Domain trust has been established between the two domains and they say they are functioning fine, but users can't log into their AD accounts if they are behind the Smoothwall of the second Domain.  Functioning level is Windows Server 2003 it says and these are Windows Server 2008 R2 Domain controllers.  Does this trust need to be reestablished and functioning level raised?
memewarrenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jane UpdegraffSr. Systems AdministratorCommented:
I would try re-establishing the trust. If you can do it in a maintenance window where you won't be interfering with the users, just delete the trust and re-create it, and make sure that it's bi-directional (two-way) under the "direction of trust" section and non-transitive for safety ... then validate the trust from both sides (meaning actually remote into a machine in each domain and run ADDT and actually validate it on each domain. If it validates on both sides properly then you can be pretty confident that the IPSec tunnel (or some other firewall component either on your hardware firewalls or Windows firewall) is probably the problem. As for your firewalls, someone else will have to answer as I have no experience with that brand.
nociSoftware EngineerCommented:
There are some parts during initial connection based on Multicast / Broadcast. Those packets doen't travel past routers, so any expected answers will not be coming either. You will need a "local precense" somehow,
Shaun VermaakTechnical SpecialistCommented:
Did you perhaps create it as a selective trust?
memewarrenAuthor Commented:
Computers are connecting wirelessly.  A port setting on the wireless network had to be adjusted as the issue also presented itself with scanning PDF documents on a copier in which domain trusted accounts from domain 2 had been working as well but suddenly didn't.  The wireless APs had been updated on this network and settings changed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.