Trust Issues in a Single Forest / Single Domain

During the process of creating a RemoteApp collection on a new 2016 Remote Desktop Server, I received the following error message:

The security identifier could not be resolved. Ensure that a two way trust exists for the domain of the selected users.

The first thing I checked was the DNS Server. Issues like this are almost always DNS. Everything appeared to be in order.

I checked ntdsutil to make sure that all roles were delegated to the correct servers. I went through Active Directory with a fine tooth comb. Everything was within normal parameters.

Brainstorming, I thought that maybe the computer name was the issue. During deployment, I named this RDP server the same computer name as the previous terminal server. It was easy to test, so I created a local user account, disjoined the new server from the domain, renamed it, and rejoined it to the domain. It was not the problem.

Then, I noticed that I could not ping “serverDC” without its domain suffix. Host not found. I didn’t have any problems joining to the local domain, so how could this be?

Suddenly, it hit me! Amazon AWS servers, by default, have a list of DNS suffixes, like this:

I had to add our domain suffix to the top of the list, set it as the DNS suffix for the connection, and check the box to “Use this connection’s DNS suffix in DNS registration.”

Everything worked fine after this change was made. I did not even have to reboot!

As always, I will do my best to answer any questions in the comments below.

For inquiries, please contact me by email at

Tech Direct Services