I went and attempted to disable SID Filtering over some trust links to prepare for SID History during domain migration using the following command:
netdom trust TrustingDomainName /domain: TrustedDomainName /quarantine:No /userD: domainadministratorAcct /passwordD: domainadminpwd
When doing this I got the following error (click to enlarge):
After research I found the cause. “Network access: Allow anonymous SID/name translation” was set to disabled on the Trusted Domain. This this should be enabled on domain controllers – please see http://technet.microsoft.com/en-us/library/cc728431.aspx.
To disable SID Filtering you must Enable anonymous SID/name translation on your Default Domain Controllers GPO for the Trusted Domain.
I set it to enabled. This policy is located under:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
After this the problem was resolved:
Note: Access is denied can also be caused if you use NetBIOS names instead of FQDN's for the domain names.