Thursday, August 8, 2013

KB: Server 2012 VDI collection require two-way trust when adding user group of external domain (2877933)

A new KB article (2877933) was released (FAST PUBLISH type) regarding the RD Connection Broker being in a separate domain as the RD Virtualuzation Hosts. In that case the domain trust must be two-way

“…Consider the following scenario:

  1. RDCB and RDVH are in DomainA
  2. RD users are in DomainB\RD_USER_GROUP, RD_USER_GROUP is a “Security Group - Universal"
  3. DomainA and DomainB are in different forests
  4. DomainA one-way trusts DomainB

When you tried to add DomainB\RD_USER_GROUP directly to VDI collection in DomainA, we got an error “The security identifier could not be resolved. Ensure that a two-way trust exists for the domain of selected user.

Two-way trust is required for this scenario to work

Change one-way trust to two-way trust…”


No comments:

Post a Comment