Concept about one way trust domain
sin peow 5 (Copper Contributor), May 19, 2021
Our current SharePoint 2019 server is hosted in domain A, and the environment has a one-way trust with Domain S.
The Domain S admin currently receives multiple failed logins from Domain A service accounts; those service accounts are used for the SharePoint application pool and the SharePoint Timer service.
My question is: why do these service accounts go to domain S for authentication, and not only authenticate against domain A?
*We are unable to get more information from Domain S; they only have a simple alert, which is:
Threat Name: An account failed to log on
I checked the Windows event log, the SharePoint ULS log and the IIS log and did not see any related activity for the service accounts.
*I noticed a warning with event ID 40961 (not sure whether this is related or not?)
The warning event details are as follows:
Details: The security system could not establish a secured connection with the server ldap/server.mydomain.net/mydomain.net@MYDOMAIN.NET. No authentication protocol was available
*Our SharePoint page uses the Claims to Windows Token Service for Domain S; normally the SharePoint page is logged into by Domain S users, and the Domain A service accounts are only used for services.
Hope someone can share something about the logic of this authentication?
Thanks
1 Reply
- sin peow 5 (Copper Contributor):
Hi all, updating with some findings on this in case other users are facing the same issue. We found that adding a user from Domain S to the UPS service application administrators group causes this issue, because of how the UPS works:
-The users and groups listed as Administrators of the User Profile Service Application (UPA) are cached.
-That cache expires every 5 minutes.
-When the next web service call comes into the UPA, those accounts must be resolved again and re-cached.
Inside the admin group there is a Domain S account, but the service account running the UPS is a Domain A service account, which causes the incident above.
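The following is an added example (not code from the thread) that checks a farm for the condition described in the reply: it lists the UPA administrators and flags any principal whose domain differs from the domain of the SharePoint service accounts, then pulls recent LsaSrv 40961 warnings from the local System log. The domain name `DOMAINA` is a placeholder, and the `Name`/`AllowedRights` properties of the ACL rules are assumed from the SPObjectSecurity object returned by `Get-SPServiceApplicationSecurity -Admin`.

```powershell
# Added example, not from the original thread. Run in an elevated SharePoint
# Management Shell on a SharePoint 2019 server. Domain name is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farmDomain = 'DOMAINA'   # domain of the application pool / timer / UPS accounts (assumed)

# Locate the User Profile Service Application (assumes exactly one in the farm)
$upa = Get-SPServiceApplication |
    Where-Object { $_.TypeName -like 'User Profile Service Application*' }

# -Admin returns the Administrators ACL of the service application; every
# principal in it is re-resolved by the UPS service account when the cache expires
$adminAcl = Get-SPServiceApplicationSecurity -Identity $upa -Admin

$foreign = foreach ($rule in $adminAcl.AccessRules) {
    $name = $rule.Name                 # e.g. "i:0#.w|DOMAINS\user" (assumed property)
    $nt   = ($name -split '\|')[-1]    # Windows claims carry the NT account after the last '|'
    # Group claims encoded as SIDs (c:0+.w|S-1-5-...) do not match and are skipped here
    if ($nt -match '^(?<dom>[^\\]+)\\') {
        $dom = $Matches['dom']
        if ($dom -ne $farmDomain) {
            [pscustomobject]@{ Principal = $name; Domain = $dom; Rights = $rule.AllowedRights }
        }
    }
}

if ($foreign) {
    Write-Warning "UPA administrators outside $farmDomain (resolved across the trust every cache refresh):"
    $foreign | Format-Table -AutoSize
} else {
    Write-Host "No UPA administrators from outside $farmDomain."
}

# Correlate with the LSA warning from the question: event 40961 is written by
# LsaSrv to the System log when no authentication protocol is available for LDAP
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'LsaSrv'; Id = 40961
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

If the first part reports Domain S principals, expect the Domain S logon failures to recur roughly every 5 minutes, matching the cache expiry described above.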