none
NPS forest trust - cannot authenticate using UPN

    Question

  • Folks, 

    My NPS cannot authenticate when using UPNs. If I use DOMAIN\user, it works fine. I have 2 forests, trusted 2-ways. NPS server is member of domain B, the users that cannot be authenticated are in domain A. I checked the name suffixes routing of the trusts, and the domain name of the UPN is listed.

    NPS server is W2016.

    Domain A is Domain functional level 2008, Forest level 2003.

    Domain B is Domain functional level 2008 R2, Forest level 2008 R2.

    Thanks a lot

    Friday, May 04, 2018 4:52 PM

All replies

  • Hi Selva,

    Have a nice day! Thanks for your question.

    Please try the following link to check if the name suffix routing is configured correctly.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731648(v=ws.11)

    Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Active Directory forests that are joined by forest trusts.

    Please note: You cannot enable a name suffix that is in conflict. If the conflict is with a local UPN name suffix, you must remove the local UPN name suffix before you can enable the routing name. If the conflict is with a name that is claimed by another trust partner, you must disable the name in the other trust before it can be enabled for this trust.

    Besides, here is a link refer to Authentication across forests, you may follow it to see if it could be help. NPS was called IAS on prior to server OS 2003.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc778436(v=ws.10)

    Hope above information can help you.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards, 

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 07, 2018 7:12 AM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back.
    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Wednesday, May 09, 2018 9:12 AM
  • Hi Selva,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 11, 2018 6:41 PM