Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the
corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by
using their corp.contoso.com user account.
When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not
allowed to authenticate to the computer.”
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their
corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the
fabrikam.com forest.
What should you do?
A.
Configure Windows Firewall with Advanced Security.
B.
Enable SID history.
C.
Configure forest-wide authentication.
D.
Instruct the users to log on by using a user principal name (UPN).
Explanation:
Theforest-wide authentication setting permits unrestricted access by any users in the trusted forest to all
available shared resources in any of the domains in the trusting forest.
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx