Jump to content


UPN authentication on different domain not working when UPN suffix is used in both domains - classic authentication works

Started by Ewald Bracko , 19 April 2017 - 01:10 PM

Ewald Bracko Members

Ewald Bracko
  • 13 posts

Posted 19 April 2017 - 01:10 PM



we have a StoreFront server (3.7) that resides on DomainA.

As we are migrating users from DomainA to DomainB there is a both-sided trust established and the UPN suffixes we use are added to both domains as the users use those suffixes also as their mail addresses.

If a user that still resides in DomainA logs on using his UPN everything works fine.

But if a user that resides in DomainB tries to log on using his UPN he gets a "Username or Password incorrect" message.

However if this user tries to log in using the classic way (DomainB\Username) the user can successfully log on to the StoreFront server.

The event log shows that the DC of DomainA is rejecting the logon request using UPN.


Is there any way to tell Storefront to also send UPN authentication requests to a DC of DomainB and if yes, how can it be achieved?


FYI: I'm talking about direct logins to the Storefront server without using Netscaler. I already know how to do this using Netscaler but for internal logins I want not to go through the Netscaler. if anyhow possible.


Thank you in advance for your help!


Best Regards


Ewald Bracko