Your network contains two Active Directory forests named contoso.com and fabrikam.com.
The contoso.com forest contains two domains named corp.contoso.com and contoso.com.
You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client
computers in the fabrikam.com domain by using their corp.contoso.com user account.
When they try to log on, they receive following error message:
“The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.”
Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials.
You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest.
What should you do?
A. Configure Windows Firewall with Advanced Security.
B. Enable SID history.
C. Configure forest-wide authentication.
D. Instruct the users to log on by using a user principal name (UPN).
The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the