web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Season of Giving Solutions is Here!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / AX can't resolve S...
Microsoft Dynamics AX (Archived)

AX can't resolve SID over Trusted Domain's users

(0) ShareShare
ReportReport
Posted on by Daniele.Selvi 160

Hello,

I am working on a client which has 2 domains in a trusted relashionship.

I have correctly imported and ad user from the trusted domain(we will call it DOMAIN2) into AX (AX2012 R3 CU12) installed into the other domain(we will call it DOMAIN1).

I can log on to AX correctly using users both from the DOMAIN1 and DOMAIN2 domain but I get errors on some AX tasks:

- for instance when I create an alert rule using a user from DOMAIN1 to be sent to a user In DOMAIN2 i get the following error:

Just to be sure that this was an AD issue, I have run the followin job to list all users of which the SID could not be resolved by AX. The Infolog is showing only the AX users belonging to DOMAIN2:

Any advise on how to resolve this is much appreciated.

Kind Regards,

*This post is locked for comments

I have the same question (0)
  • Daniele.Selvi Profile Picture
    Daniele.Selvi 160 on at

  • Daniele.Selvi Profile Picture
    Daniele.Selvi 160 on at

    Sorry, couldn't attache the screenshots earlier:

    2017_2D00_04_2D00_01-11_5F00_20_5F00_11_2D00_CMRAXPROD01-_2800_192.168.12.203_2900_-_2D00_-Remote-Desktop-Connection-Manager-v2.7.png

    Second screenshot:

    2017_2D00_04_2D00_01-11_5F00_20_5F00_11_2D00_CMRAXPROD01-_2800_192.168.12.203_2900_-_2D00_-Remote-Desktop-Connection-Manager-v2.7.png

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,482 Super User 2025 Season 2 on at

    Hi Daniele,

    I had faced the same issue at a customer who merged with another company. This was on an AX2012 R2 environment with CU7. We had issues then mainly with users on workflows and accessing the enterprise portal.

    All users needed to be migrated to one main domain anyway. So these users were migrated to solve this. I assumed it was because there was a one-way trust. Do you have a one-way trust or two-way? (not that I know what I'm talking about, but this was a likely cause which was not investigated further). You can also see if a recent kernel can fix this issue.

    If the two-way trust and a recent kernel is not solving you issue, the customer or you can create a case at Microsoft Support.

  • Daniele.Selvi Profile Picture
    Daniele.Selvi 160 on at

    They have a two-way trust.

    Then I believe I will have to search a fix and eventually log a case to MS Support for this.

    Thanks

  • Verified answer
    Daniele.Selvi Profile Picture
    Daniele.Selvi 160 on at

    We have finally resolved this and I believed It would be useful to share our findings:

    We spotted that "randomly" it wasn't possible to import a user from the trusted domain (we have a two-way trust) as well as we were never able to create an alert rule using a user from DOMAIN1 to be sent to a user In DOMAIN2(as per this original question). Bear in mind that EVERYTHING ELSE WAS WORKING OK!

    Although the VPN channel linking the 2 trusted domain was apparently working fine, since my client's subsidiary where I am implementing AX is in Cameroon, we thought the issue could be somehow related to the quality of the Internet Connetion here in West Africa.

    We then researched how we could optimize the packets transmission over "slow internet connections" scenarios amending the MTU at our servers in Cameroon: the default value for the packet size is usually 1500, so we reduced it to 1350 on all our servers and clients using the following command:

    netsh interface ipv4 set subinterface "YOUR NETWORK INTERFACE NAME" mtu=1350 store=persistent


    Generally it is logical to assume larget packets are better, because of reduced number of headers transferred each time, less routing decisions, etc..

    however smaller packets might be clearly more "responsive" therefore more suitable for slower connections.

    I hope this helped

     

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,482 Super User 2025 Season 2 on at

    HI Daniele,

    Thanks for the feedback. If this was your solution, you may mark your own answer to have the thread get the status answered.

  • Suggested answer
    guk1964 Profile Picture
    guk1964 10,888 on at

    If the issue is to do with slow connections and packet size then there are several network

    acceleration tools  that address this by packet shaping, priority, cacheing etc, see Peribit,/ Juniper as one provider of such solutions.

    However, also ensure that the bottleneck is not on the server e.g. slow disks, wrong RAID and set up, etc or on the local network - old routers etc.

    You can also look at a fibre optic connection just locally between the servers.

    I assume you are using rdp/citrix connection?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Season of Giving Solutions is Here!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#2
TAHER Mehdi Profile Picture

TAHER Mehdi 3

#3
Nakul Profile Picture

Nakul 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans