I have 2 forest domain and setup a two ways trust. Forest Trust (Two way)& Forest-wide authentication.
Domain A: Win Server 2012R2 x2
Domain B: Win Server 2012R2 & Server 2008
I try to grant folder permission on Domain A. I can reach and select users of Domain B but it prompt an error "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: <fqdn of domain b>"
After that I check the two ways trust on Domain A. The prompt "Unable to read forest trust information from the other domain. The error is: Access is denied" when I click "refresh" on "Name Suffix Routing".
The trust cannot be validated and prompt "The secure channel (SC) verification on Active Directory Domain Controller <Domain A> to domain Domain B failed with error: Access is denied".
I can grant folder permission on Domain B and validate the trust on Domain B without any error. I confirm the firewall port "53, 88, 389, 445, 636, 135, 3268, 3269" between Domain A & Domain B have no problem. Also I applied the group policy "Network access: Named pipes that can be accessed anonymously" with "netlogon, samr, lsarpc" but it still not work.