Concept about one way trust domain

New Contributor

Current SharePoint 2019 server is hosted at  domain A and environment have one way trust with Domain S. 

Domain S  admin currently  received multiple login failed from Domain A service account , those service account is for SharePoint application pool , SharePoint Timer service . 

 

My question is why these service account go to domain S for authentication ? not only go for domain A authenticate only ?  

 

*we are unable to get more information from Domain S , only have simple alert which is 

Threat Name: An account failed to log on

 

checked on the windows event log , SharePoint usl log, IIS log not see any related activity for the service account.

 

*noticed have warning about event id 40961 :  (not sure this have related or not? )

The Warning Event details as follows;

Details : The security System could not establish a secured connection with the server ldap/server.mydomain.net/mydomain.net@MYDOMAIN.NET. No authentication protocol was available

 

*our SharePoint page have using Claims to Windows Token service for Domain S , normally the sharepoint page is login for Domain S user , Domain A service account only use for services. 

 

Hope someone can share about the authentication of this logic ?

 

thanks 

1 Reply
hi all, updated some found out for it incase have other user facing same issues here. We have encounter we added user from Domain S to the UPS service application administrator group will causing this issues because the UPS :
-The users and groups listed as Administrators of the User Profile Service Application (UPA) are cached.
-That cache expires every 5 minutes.
-When the next web service call comes into the UPA, those accounts must be resolved again and re-cached.

inside the admin group have domain S account but the service account running for UPS is Domain A service account then causing above incident.