RPC Endpoint Mapper client authentication prevents users and groups from being added to trusting forest
- Domain controllers have Microsoft Remote Procedure Call (RPC) Endpoint Mapper client authentication enabled.
- You establish an Active Directory one-way, transitive forest trust between two Active Directory forests.
- You try to add a user or a group from the trusted forest into a local domain group of a domain in the trusting forest.
Ensure the Active Directory Controllers are available, and try to select the objects again.
You receive this message as in the following screen shot:
When you enable enhanced logging, the logging information that you receive does not provide any additional information except errors that state that domain controllers from the trusted forest are not available. Network monitoring traces do not provide additional details.
To resolve this issue, use one of the following methods.
Method 1If settings were applied through Group Policy, change the following setting to "Disabled" through Group Policy on all domain controllers of the trusting Active Directory forest:
Note Changing the setting to "Not Configured" will not remove the registry entries, and the problem will persist.
After you make this change, all domain controllers in the trusting forest must be restarted for the changes to take effect.
Method 2Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Remove the following registry entry from every domain controller in the trusting forest:
Article ID: 3073942 - Last Review: 10/19/2015 15:58:00 - Revision: 2.0