There are domains A and B. There is external two way trust between them. In domain A we have server with NPS role only. Connection Request policy and Network policy are configured. In network policy we have a one condition - "User groups". This group is security group in domain A with domain local scope. In this group there are two users. One from domain A, another from domain B. For user from domain A all works well. For user from domain B we have a error when connecting "The connection request did not match any configured network policy". If add a group from domain B to this condition, then user from domain B also connecting well. Can anyone tell why?
If NPS work on domain controller, then i need add only one group from domain A in condition. Users from domain A and domain B connecting well. I need NPS without domain controller role and only one group from domain A in condition.