0

The setup is the following:

  • Windows VM (Domain Joined to Domain A (Internal) - AD is under my control) [Windows Server 2022]
  • Windows Client (Domain Joined to Domain B (External) - AD is not under my control) [Windows 11 Enterprise]

I'm trying to RDP from a Windows Client to a Windows VM by using the "Remote Desktop Connection" client that comes with Windows. But it's not possible to log in to the VM from this Client due to both living in different ADs.

  • With NLA authentication enabled, the login fails due to the Client not being domain joined to the same domain as the VM.
  • With NLA authentication disabled, I get the login screen from the VM, but when attempting to log in I get an error stating: "The trust relationship between this workstation and the primary domain failed"
  • Using a Client that is not Domain Joined at all manages to log in to the VM without any issues with both NLA enabled and disabled. The same goes if I use the Domain Joined Client to connect to a non-Domain Joined VM. So the issue only happens when both Client and VM are Domain Joined and each is joined to a different domain (at least on Windows).

Is there anything that can be done to allow users that are using a Client that is Domain Joined to log in to a VM that is Domain Joined somewhere else? Is there some way to skip the AD checks on the Client side and just verify the user on the Server (VM) side? (At least something that does not involve using a 3rd party RDP client, which would work in this case)

1
  • "the login fails due to the Client not being domain joined to the same domain as the VM." That isn't the reason. There aren't any requirements that a machine be joined to the domain or not joined to another domain. Trust errors are usually self-inflicted damage. Either a conflict in a name or host image.
    – Greg Askew
    Nov 25, 2022 at 11:41

1 Answer

0

"The trust relationship between this workstation and the primary domain failed"

That's the culprit. Fix your target computer (for example by re-joining) and enjoy working logons again. It doesn't matter if local or through RDP, and for RDP it doesn't matter if the client is Domain-Joined or not.
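
One way to confirm and repair the broken machine trust on the target VM, as an added example that is not part of the original answer. It assumes Windows PowerShell 5.1 run elevated on the VM under a local administrator account, and a Domain A account that is allowed to reset the VM's computer account; repairing the secure channel is shown here as an alternative to the re-join the answer mentions.

```powershell
# Run on the target VM (the Domain A member), elevated, in Windows PowerShell 5.1.
# Test-ComputerSecureChannel is not shipped with PowerShell 7.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$env:COMPUTERNAME is not domain joined; there is no secure channel to check."
    return
}
$domain = $cs.Domain
Write-Host "Computer: $env:COMPUTERNAME  Domain: $domain"

# Returns $true when the machine account password stored locally still
# matches the computer object in AD and a domain controller is reachable.
if (Test-ComputerSecureChannel) {
    Write-Host "Secure channel to $domain is healthy; the trust error has another cause."
    return
}

Write-Warning "Secure channel to $domain is broken."

# nltest prints the domain controller in use and the underlying status code,
# which helps tell a password mismatch apart from a DNS or connectivity problem.
nltest /sc_verify:$domain

# Assumption: this account may reset the computer account in Domain A.
$cred = Get-Credential -Message "Domain A account allowed to reset this computer account"

if (Test-ComputerSecureChannel -Repair -Credential $cred) {
    Write-Host "Secure channel repaired. Retry the domain logon (local console or RDP)."
} else {
    Write-Warning "Repair failed. Check for a duplicate computer name or a cloned image, then re-join the domain."
}
```

If the repair keeps failing or the trust breaks again after a while, look for two machines sharing one computer account (a cloned image or a name conflict), as the comment on the question suggests.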
