Selective Authentication – protected by authentication firewall

The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.
1. Log in to the local domain controller where the resource (workstation) resides. Open AD Users and Computers – switch to Advanced Features view.
Find the workstation you are trying to log in to – right click – Properties – Security tab.
2. Under Group or user names – click Add.
3. Select Locations – select the domain that contains the user account trying to log in.
4. Enter username – click OK – authenticate with an account that has access.
5. Select the user – then in Permissions for the user select “Allow” for “Allowed to authenticate”. Finished!
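
The same grant can be audited and applied from PowerShell on Server 2019. This is an added example, not part of the original post; the computer name and account below are placeholder assumptions, and it assumes the RSAT ActiveDirectory module on a machine in the domain that holds the workstation.

```powershell
# Added example: audit and grant "Allowed to Authenticate" on one computer object.
Import-Module ActiveDirectory

# Placeholder values (assumptions): replace with your own.
$ComputerName   = 'WORKSTATION01'
$TrustedAccount = 'DOMAIN2\App-Users'   # a group keeps the ACL easier to review

# Control access right GUID for Allowed-To-Authenticate.
$AllowedToAuth = [Guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'

# 1. Show which trusts enforce selective authentication.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, SelectiveAuthentication

# 2. List explicit and inherited Allow ACEs for the right on the computer object.
#    Identities are returned as SIDs so unresolvable accounts still show up.
$computer = Get-ADComputer -Identity $ComputerName
$path     = "AD:\$($computer.DistinguishedName)"
$acl      = Get-Acl -Path $path
$rules    = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.ObjectType -eq $AllowedToAuth -and
                   $_.AccessControlType -eq 'Allow' }
$rules | Select-Object IdentityReference, IsInherited

# 3. Grant the right to the trusted-domain account only if it is missing.
#    Translate() needs name resolution across the trust to succeed.
$sid = ([System.Security.Principal.NTAccount]$TrustedAccount).Translate(
           [System.Security.Principal.SecurityIdentifier])

if (-not ($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })) {
    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $AllowedToAuth)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
    Write-Output "Granted Allowed to Authenticate on $ComputerName to $TrustedAccount"
} else {
    Write-Output "$TrustedAccount already holds Allowed to Authenticate on $ComputerName"
}
```

Step 2 lists only ACEs that name this right specifically; an account with Full Control on the computer object can also authenticate and will not appear in that output.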

How to configure a one way trust in Server 2019

Step 1 – configure DNS on domain 1 so it can find domain 2.
1. Open DNS Manager on domain1 and create a forward lookup zone.
2. Right click Forward Lookup Zone and choose New Zone – Next – Stub zone.
3. To all DNS servers in this DOMAIN – next – Zone name:  domain2.com – next.
4. Enter the IP address of the DNS server for the trusted domain (domain2), then press Enter for it to resolve – Next – Finish.
5. Open command prompt and ping new stub zone “ping domain2.com” and verify reply.

Step 2 – configure DNS on domain 2 so it can find domain 1.
1. Open DNS Manager on domain2.com and create a forward lookup zone.
2. Right click Forward Lookup Zone and choose New Zone – Next – Stub zone.
3. To all DNS servers in this DOMAIN – next – Zone name:  domain1.com – next.
4. Enter the IP address of the DNS server (domain1) for the trusted domain, then press Enter for it to resolve – Next – Finish.
5. Open command prompt and ping new stub zone “ping domain1.com” and verify reply.

Step 3 – Configure trust on Domain 1.
1. Open Server Manager – AD DS – AD Domains and Trusts.
2. Right click domain1.com – properties – Trusts tab – Click New Trust…
3. Choose a name for the trust (I use the domain name I’m allowing access) – Next.
4. Choose appropriate Trust Type (External in my example) – Next.
5. Choose your desired direction. In this video I’m setting up a One-way: outgoing. This allows the door to domain 1 to open out so that the other domain2 can come in. Users in domain 2 can authenticate and log in to domain 1.
6. Choose Sides of Trust. This domain only.
7. Choose Outgoing Trust Authentication Level – Domain wide is easier as it allows all workstation log ins. 
Selective authentication – you will need to grant access to each server or workstation or use groups. I’m using Selective authentication for this video.
8. Create a trust password – Next. Review summary – Next – Next.
9. Confirm if the other side has already been created – this video – no – Finish.

Step 4 – Configure trust on Domain 2.
1. Open Server Manager – AD DS – AD Domains and Trusts.
2. Right click domain2.com – properties – Trusts tab – Click New Trust…
3. Choose a name for the trust (I use the domain name I will access) – Next.
4. Choose appropriate Trust Type (External in my example) – Next.
5. Choose your desired direction. In this part I’m creating a One-way: incoming.
6. Choose Sides of Trust. This domain only.
7. Enter same password you created in previous trust creation.
8. Review summary – Next – Next
9. Confirm Incoming Trust if you want. Next – Finish!