Grant folder permission to trusted forest domain issue

Keith-KH 1 Reputation point

I have 2 forest domain and setup a two ways trust. Forest Trust (Two way)& Forest-wide authentication.
Domain A: Win Server 2012R2 x2
Domain B: Win Server 2012R2 & Server 2008

I try to grant folder permission on Domain A. I can reach and select users of Domain B but it prompt an error "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: <fqdn of domain b>"
After that I check the two ways trust on Domain A. The prompt "Unable to read forest trust information from the other domain. The error is: Access is denied" when I click "refresh" on "Name Suffix Routing".
The trust cannot be validated and prompt "The secure channel (SC) verification on Active Directory Domain Controller <Domain A> to domain Domain B failed with error: Access is denied".
I can grant folder permission on Domain B and validate the trust on Domain B without any error. I confirm the firewall port "53, 88, 389, 445, 636, 135, 3268, 3269" between Domain A & Domain B have no problem. Also I applied the group policy "Network access: Named pipes that can be accessed anonymously" with "netlogon, samr, lsarpc" but it still not work.
Please help...

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,170 questions
0 comments No comments
{count} votes