Connecting to computer in Different AD forest


Hello I have a issue with computers in AD Forest A connecting to any computer in Forest B when using UNC path \\FORESTBCOMPUTER\SHARENAME. It seems to only work when I use FQDN \\FORESTBCOMPUTER.FORESTB.LOCAL\SHARENAME I am thinking it has something to do with the DNS Suffix search order and Kerberos. Does anyone know why this would be happening? The suffix search for computers in forest A have forestA.local as the first in the list and forestB.local as the second. There is a two way transitive trust between the forests but I can only get to shares in the other forest using FQDN. Does anyone know why this would be happening?
Thanks in advance!

3 Replies
best response confirmed by charlie4872 (Contributor)
If you have multiple dns suffixes configured on a forest A computer, than it should try resolving the name of forest B computer first on the primary suffix and if that fails it should try the secondary suffix. Can you confirm that you can ping forestbcomputer without using FQDN?

Could have someting to do with :
• Domain Member: Digitally sign client communication (when possible)
• Microsoft network client: Digitally sign communications (always)

Are the policies in both domains the same regarding SMB signing?

Did you manage to fix your issue?
Yes all good now. Thanks for the reply.