Cross-forest authentication is not working on some systems. There are two domains with a two-way trust between them. The encryption type RC4_HMAC_MD5 is disabled in the domain the system is joined to but users from the other domain can not authenticate. The default_etypes setting in vas.conf has been set to aes256-cts-hmac-sha1-96. The following errors are seen in the log when vasd debug is enabled:
1 - In Active Directory Domains and Trusts, navigate to the trusted domain object.
2 - Right-click the object, select Properties, and then select Trusts.
3 - In the Domains that trust this domain (incoming trusts) box, select the trusting domain