I have a problem which is probably not very common which I'm hoping someone might be able to advise on. Unfortunately the relationship between our lab and the corporate AD has made this setup quite complex.
We have 2 domains, we'll call them 'Server Domain' and 'User Domain'.
Servers are members of 'Server Domain'
Users are members of 'User Domain'
Server Domain has access to the User Domain RODC with a one-way trust from Server Domain to Users.
We have a VMM 2012 R2 Environment with Hyper-V 2012 R2 Servers all located in Server Domain.
Our user computers are all members of the Server Domain but login to their computers using user accounts that are members of User Domain.
What I need to be able to do is allow Users to login using their User Domain account to the VMM Environment (via App Controller) on the Server Domain. I've created Domain local groups on the Server Domain and added the user accounts from the User domain.
However, when I try to login using one of these accounts I get a SQL Server access error:
The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS). Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
ID: 2607
Has anyone any experience of this particular setup? I've found very little in my various searches so any suggestions or advice would be appreciated.
Thanks