I have a requirement to authenticate wireless users who are members of a seperate AD forest. The domain administrators have assured me that a two-way transitive trust is inplace between the forests. I am having problems mapping groups from the new domain to ACS groups, it "Fails to enumerate the windows groups, please check installation documentation". I have checked and double checked our installation against the instructions and I don't think I have missed anything on that count.
I have run some packet captures of network traffic during ACS services startup, as well as when attempting to map groups and there is no traffic to domain controllers in the other domain / forest. Is this expected? Is this supposed to be handled by the local domain?
Any further diagnosis tips, or things to try to try and pinpoint where I have gone wrong?