title | description | ms.date | manager | audience | ms.topic | localization_priority | ms.reviewer | ms.custom |
---|---|---|---|---|---|---|---|---|
Security identifier could not be resolved error with a one-way trust |
Fixes an error (Security identifier could not be resolved) that occurs with a one-way trust. |
12/26/2023 |
dcscontentpm |
itpro |
troubleshooting |
medium |
kaushika |
sap:Windows Security Technologies\Domain and forest trusts, csstroubleshoot |
This article provides help to fix an error "Security identifier could not be resolved" that occurs with a one-way trust.
Applies to: Windows Server 2012 R2
Original KB number: 3212982
Consider the following scenario:
- Remote Desktop Connection Broker (RDCB) and Remote Desktop Virtualization Host (RDVH) are in Domain A.
- Remote Desktop users are in DomainB\RD_USER_GROUP.
- RD_USER_GROUP is a "Security Group - Universal" group.
- Domain A and Domain B are in different forests.
- Domain A one-way trusts Domain B.
When you try to add DomainB\RD_USER_GROUP directly to the VDI collection in Domain A, you receive the following error message:
The security identifier could not be resolved. Ensure that a two-way trust exists for the domain of selected users.
A two-way trust is required in this scenario.
To resolve this issue, change the one-way trust to a two-way trust.