You may have noticed that when connecting to an Active Roles service via Management Shell using the ‘Get-Credential’ cmdlet and the service is located on an untrusted domain, Events with the ID 4625 get recorded in the Event Logs.
Example of cmdlet used:
$cred = get-credential
Connect-QADService -service server.not.trustedcontoso.com -proxy $cred
The credentials used are correct and the connection works, the failed events are still recorded.
This is with the underlying Microsoft APIs as it first attempts that attempts the connection with the NTLM credentials of the logged on account, before sending/reattempting the connection with the credentials that have been supplied with the ‘Get-Credential’ cmdlet.
This all happens on the network layer and is beyond Active Roles’ control.
Ignore the generated Event ID 4625.