I have got two domains. Domain A is top level domain. Domain B is Child domain from Domain A.
The ACS Agents are installed on two DC's in Domain A.
Authentication of clients in Domain A is ok.
Authentication of clients in Domain B is a problem.
I created a Universal Group in Domain A. In this Universal Group, I put a Global User Group from Domain B. Authentication not ok.
The ACS "Failed Authentication Log": sais: "External DB account Restriction".
What is the problem here ?
Check if the users are not mapped to a disabled group. Do not map multiple windows groups to ACS group. Following link may help you