none
Failed authentication using Netbios domain name

    Question

  • Domain XXX.com trusts domain YYY.org

    Application lives in XXX domain.

    Some users can authenticate using yyy\username others have to use username@yyy.org

    xxx domain is 2012

    yyy domain is 2008r2

    • Edited by Kspencer66 Monday, March 13, 2017 12:50 PM
    Monday, March 13, 2017 12:49 PM

All replies

  • So if there is an two way trust users can access both domain and applications.this is an expected behaviour.

    Also if you mean Alternate UPN,same behaviour.

    Some users can authenticate using yyy\username others have to use username@yyy.org >>>> Also you mean Alternate UPN that's also expected behaviour.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, March 13, 2017 12:58 PM
  • Im sorry I do not understand your reply. Are you saying the expected behavior should be to use alternate UPN? If so why does using the NetBIOS domain name work for some of the users?
    Monday, March 13, 2017 1:07 PM
  • This starting with Windows Vista/Windows server 2008 the old fashioned option like username/password/log on to is not longer available. With the new OS version either UPN logon or domain\username(where domain is the NetBios domain name) is available.

    Check this for details;https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx

    Also check this explanation;

    http://serverfault.com/questions/371150/any-difference-between-domain-username-and-usernamedomain-local

    (if i understand you correctly..)


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, March 13, 2017 3:01 PM
  • If im understanding this correctly then what you are saying is that logging in with domain NetBIOS name\username should work?

    If so, then that was my original question, it does not work for all users.

    Monday, March 13, 2017 7:37 PM
  • It should be works for all user.Check the configuration from application side,how did the authentication configured?

    Domain XXX.com trusts domain YYY.org >>> Are these also trusted domains?Also check the trust validation from ms side.

    Verify a Trust ; https://technet.microsoft.com/en-us/library/cc753821%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, March 14, 2017 4:44 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 17, 2017 9:19 AM
    Moderator
  • after turning on additional debugging, it turns out the application was not passing the domain name and was just traversing the trusted domains and whatever match it found first it tried to authenticate, so any user with a duplicate sam account name in one of the other domains was having issues.

    thanks for the help

    Monday, March 20, 2017 12:39 PM
  • Hi,

    Appreciate for your great share and update, it seems that the root cause is found now, can I think that the problem is also fixed? If that is the case, we would appreciate you to mark them as answers, it will be greatly helpful to others who have the same question.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, March 23, 2017 1:30 AM
    Moderator