Hey guys,
Just wondering if anyone has come across something similar to the issue we are seeing. We have a cross-forest trust set up in our AD environment. We are running an SA4000 6.2R1. Unfortunately file resources and terminal services resources (Citrix in this case) don't recognize the trust. Web resources such as SharePoint work fine.
Anyone experience this? Anyone know of a fix? I opened a case with JTAC but haven't been getting much feedback.
Thanks a lot.
Hi,
Just one thought: could it be that in one case the domain is part of the username which is sent to the backend system (e.g. "domain\user") and in the other case only the username is used?
e.g. the IVE variables <USER> ("domain\user") or <USERNAME> ("user") are used.
Moreilly
Hey moreilly,
Thanks, this got me going in the right direction. I had to write an SSO Resource policy for file shares to pass the domain\<USERNAME> across. The annoying thing is that because I have users from each forest accessing the same file resource I've had to split them up into multiple roles and only apply the policy to one of the roles. JTAC said I shouldn't need to configure SSO but I was never able to find another way to do it.
The terminal services access to Citrix turned out to be a similar issue. I had to create separate Terminal Services resource profiles for each forest, and set the domain field under Citrix Metaframe Server Credentials to the domain name of the forest. This got the application list to display on the portal page. Then under session authentication for the bookmarks for each profile I set the username to domain\<USER> instead of using domain credentials and this allowed the user to access each individual application. Again, more administration than I'd like to do but at least it all works.
Thanks again.