On the AD server, search for the computer account that was created by the SA. This computer account should have the same name that is configured on the AD auth server instance. Locate this and delete the account on the AD server. Now on the SA, go to the auth server and click on test config. Try to repopulate the server catalogue. To verify if the server catalogue is the latest one, try adding a new group on the AD server and see if the AD group is seen on the server catalogue. Now try to log in with the user and see if the group role mapping succeeds.
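The AD-side steps above, sketched in PowerShell as an added example (not part of the original post and not vendor code). It assumes the ActiveDirectory RSAT module is available; the computer name and test group name are placeholders to replace with your own values.

```powershell
# Added example. Assumptions: ActiveDirectory module installed; both names
# below are placeholders, not values from the original post.
Import-Module ActiveDirectory

$ComputerName = 'SA-AUTH-PLACEHOLDER'  # name configured on the SA's AD auth server instance
$TestGroup    = 'sa-catalogue-test'    # throwaway group for checking the catalogue refresh

# 1. Locate the computer account. Name is only unique per container, so the
#    filter can match more than one object; stop if the match is ambiguous.
$matches = @(Get-ADComputer -Filter "Name -eq '$ComputerName'" `
                            -Properties whenCreated, whenChanged)
if ($matches.Count -eq 0) {
    Write-Warning "No computer account named '$ComputerName' was found."
    return
}
if ($matches.Count -gt 1) {
    Write-Warning "More than one account matches '$ComputerName'; review these manually:"
    $matches | Select-Object Name, DistinguishedName
    return
}

# 2. Review the account before deleting it, so the wrong object is not removed.
$account = $matches[0]
$account | Format-List Name, DistinguishedName, Enabled, whenCreated, whenChanged

# 3. Delete the account. -Confirm prompts with the full distinguished name.
Remove-ADComputer -Identity $account.DistinguishedName -Confirm

# 4. After running test config on the SA, create a new group. If it shows up
#    when the server catalogue is repopulated, the catalogue is current.
New-ADGroup -Name $TestGroup -GroupScope Global -GroupCategory Security
Get-ADGroup -Identity $TestGroup | Select-Object Name, DistinguishedName

# 5. Clean up once the group has been seen in the server catalogue:
# Remove-ADGroup -Identity $TestGroup -Confirm
```

Steps 1 to 3 run before clicking test config on the SA; step 4 runs afterwards, before repopulating the server catalogue.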