Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Re: Kerberos Set Password Protocol and credential name format

  •  02-04-2010, 5:32 AM

    Here is the network monitor trace for the failed bind. The domain is the good one. The Destination IP 10.150.200.19 is the domain controller. Remember that the machine MYSERVER is located in domain A (a.net).

    408 10.359375  {UDP:63, IPv4:115} MYSERVER   10.150.200.19 KerberosV5 KerberosV5:AS Request Cname: mywebsite@b.net Realm: b.net Sname: krbtgt/b.net
    409 10.359375  {UDP:63, IPv4:115} 10.150.200.19 MYSERVER   KerberosV5 KerberosV5:KRB_ERROR  - KDC_ERR_C_PRINCIPAL_UNKNOWN (6)
    410 10.359375  {UDP:64, IPv4:115} MYSERVER   10.150.200.19 KerberosV5 KerberosV5:AS Request Cname: mywebsite@b.net Realm: b.net Sname: krbtgt/b.net
    411 10.359375  {UDP:64, IPv4:115} 10.150.200.19 MYSERVER   KerberosV5 KerberosV5:KRB_ERROR  - KDC_ERR_C_PRINCIPAL_UNKNOWN (6)
    412 10.359375 w3wp.exe {LDAP:65, TCP:62, IPv4:115} MYSERVER   10.150.200.19 LDAP LDAP:Bind Request, MessageID: 102, Version: 3
    413 10.359375 w3wp.exe {LDAP:65, TCP:62, IPv4:115} 10.150.200.19 MYSERVER   LDAP LDAP:Bind Response, MessageID: 102, Status: Sasl Bind In Progress
    414 10.359375 w3wp.exe {LDAP:65, TCP:62, IPv4:115} MYSERVER   10.150.200.19 LDAP LDAP:Bind Request, MessageID: 103, Version: 3
    415 10.359375 w3wp.exe {LDAP:65, TCP:62, IPv4:115} 10.150.200.19 MYSERVER   LDAP LDAP:Bind Response, MessageID: 103, Status: Invalid Credentials

    BindResponse: Status: Invalid Credentials, MatchedDN: NULL, ErrorMessage: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece

    Using NetBIOS format for the credential name, it works:

    67 0.187500  {UDP:15, IPv4:4} MYSERVER 10.150.200.19 KerberosV5 KerberosV5:AS Request Cname: mywebsite Realm: b.net Sname: krbtgt/b.net
    68 0.187500  {UDP:15, IPv4:4} 10.150.200.19 MYSERVER KerberosV5 KerberosV5:AS Response Ticket[Realm: b.net, Sname: krbtgt/b.net]
    69 0.187500  {UDP:16, IPv4:4} MYSERVER 10.150.200.19 KerberosV5 KerberosV5:TGS Request Realm: b.net Sname: ldap/dc1.b.net/b.net
    70 0.187500  {UDP:16, IPv4:4} 10.150.200.19 MYSERVER KerberosV5 KerberosV5:TGS Response Cname: mywebsite
    71 0.187500  {LDAP:17, TCP:14, IPv4:4} MYSERVER 10.150.200.19 LDAP LDAP:Bind Request, MessageID: 116, Version: 3
    72 0.187500  {TCP:14, IPv4:4} MYSERVER 10.150.200.19 TCP TCP:[Continuation to #71]Flags=...AP..., SrcPort=4038, DstPort=LDAP(389), PayloadLen=17, Seq=3860893092 - 3860893109, Ack=3419853981, Win=65535 (scale factor 0x0) = 65535
    73 0.187500  {TCP:14, IPv4:4} 10.150.200.19 MYSERVER TCP TCP:Flags=...A...., SrcPort=LDAP(389), DstPort=4038, PayloadLen=0, Seq=3419853981, Ack=3860893109, Win=65535 (scale factor 0x0) = 65535
    74 0.187500  {LDAP:17, TCP:14, IPv4:4} 10.150.200.19 MYSERVER LDAP LDAP:Bind Response, MessageID: 116, Status: Success
    75 0.187500  {LDAP:17, TCP:14, IPv4:4} MYSERVER 10.150.200.19 LDAP LDAP:GSS-API Encrypted Payload
    76 0.203125  {LDAP:17, TCP:14, IPv4:4} 10.150.200.19 MYSERVER LDAP LDAP:GSS-API Encrypted Payload
    77 0.203125  {LDAP:17, TCP:14, IPv4:4} MYSERVER 10.150.200.19 LDAP LDAP:GSS-API Encrypted Payload
    78 0.203125  {TCP:14, IPv4:4} MYSERVER 10.150.200.19 TCP TCP:Flags=...A...F, SrcPort=4038, DstPort=LDAP(389), PayloadLen=0, Seq=3860893366, Ack=3419854243, Win=65273 (scale factor 0x0) = 65273
    79 0.203125  {LDAP:13, TCP:10, IPv4:4} MYSERVER 10.150.200.19 LDAP LDAP:Modify Request, MessageID: 119, Object: CN=topogigio_80d5e8,OU=ACBSOFT,OU=FAXBOX,OU=Preprod,DC=rcs,DC=private
    80 0.203125  {TCP:14, IPv4:4} 10.150.200.19 MYSERVER TCP TCP:Flags=...A...F, SrcPort=LDAP(389), DstPort=4038, PayloadLen=0, Seq=3419854243, Ack=3860893366, Win=65278 (scale factor 0x0) = 65278
    81 0.203125  {TCP:14, IPv4:4} MYSERVER 10.150.200.19 TCP TCP:Flags=...A...., SrcPort=4038, DstPort=LDAP(389), PayloadLen=0, Seq=3860893367, Ack=3419854244, Win=65273 (scale factor 0x0) = 65273
    82 0.203125  {TCP:18, IPv4:4} 10.150.200.19 MYSERVER TCP TCP:Flags=...A...., SrcPort=LDAP(389), DstPort=4038, PayloadLen=0, Seq=3419854244, Ack=3860893367, Win=65278
    83 0.203125  {LDAP:13, TCP:10, IPv4:4} 10.150.200.19 MYSERVER LDAP LDAP:Modify Response, MessageID: 119, Status: Success
    84 0.203125  {LDAP:13, TCP:10, IPv4:4} MYSERVER 10.150.200.19 LDAP LDAP:Unbind Request, MessageID: 120

    Any thoughts?
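
Added example (not part of the original post): a Python script that pairs each Kerberos AS Request in a trace like the one above with the KDC's reply in the same UDP conversation, so the outcome can be compared per Cname format. The regular expressions assume the Network Monitor summary layout shown in the post; the function and variable names are this example's own.

```python
import re

# Excerpt of the trace lines posted above (Network Monitor frame summaries).
TRACE = """\
408 10.359375  {UDP:63, IPv4:115} MYSERVER   10.150.200.19 KerberosV5 KerberosV5:AS Request Cname: mywebsite@b.net Realm: b.net Sname: krbtgt/b.net
409 10.359375  {UDP:63, IPv4:115} 10.150.200.19 MYSERVER   KerberosV5 KerberosV5:KRB_ERROR  - KDC_ERR_C_PRINCIPAL_UNKNOWN (6)
412 10.359375 w3wp.exe {LDAP:65, TCP:62, IPv4:115} MYSERVER   10.150.200.19 LDAP LDAP:Bind Request, MessageID: 102, Version: 3
67 0.187500  {UDP:15, IPv4:4} MYSERVER 10.150.200.19 KerberosV5 KerberosV5:AS Request Cname: mywebsite Realm: b.net Sname: krbtgt/b.net
68 0.187500  {UDP:15, IPv4:4} 10.150.200.19 MYSERVER KerberosV5 KerberosV5:AS Response Ticket[Realm: b.net, Sname: krbtgt/b.net]
69 0.187500  {UDP:16, IPv4:4} MYSERVER 10.150.200.19 KerberosV5 KerberosV5:TGS Request Realm: b.net Sname: ldap/dc1.b.net/b.net
70 0.187500  {UDP:16, IPv4:4} 10.150.200.19 MYSERVER KerberosV5 KerberosV5:TGS Response Cname: mywebsite
"""

# frame no., time, optional process name, {conversation ids}, source, destination, protocol, summary
FRAME = re.compile(r"^\s*(?P<frame>\d+)\s+[\d.]+\s+(?:[^\s{]\S*\s+)?\{(?P<conv>[^}]*)\}\s+"
                   r"\S+\s+\S+\s+KerberosV5\s+KerberosV5:(?P<summary>.*)$")
AS_REQ = re.compile(r"AS Request Cname: (?P<cname>\S+) Realm: (?P<realm>\S+)")
KRB_ERR = re.compile(r"KRB_ERROR\s+-\s+(?P<name>\w+) \((?P<code>\d+)\)")


def summarize_as_exchanges(trace):
    """Pair each AS Request with the KDC reply in the same UDP conversation."""
    pending, results = {}, []
    for line in trace.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # LDAP and TCP frames are not part of the AS exchange
        conv = m["conv"].split(",")[0].strip()  # e.g. "UDP:63"
        req = AS_REQ.search(m["summary"])
        if req:
            pending[conv] = {"frame": int(m["frame"]), "cname": req["cname"],
                             "realm": req["realm"],
                             "cname_has_realm": "@" in req["cname"]}
        elif conv in pending:  # reply to an open AS Request; TGS frames never match
            entry = pending.pop(conv)
            err = KRB_ERR.search(m["summary"])
            entry["outcome"] = err["name"] if err else m["summary"].split(" Ticket")[0]
            results.append(entry)
    for entry in pending.values():  # request with no reply captured
        results.append(dict(entry, outcome="no reply in trace"))
    return results


if __name__ == "__main__":
    for e in summarize_as_exchanges(TRACE):
        print(f'frame {e["frame"]}: Cname={e["cname"]} Realm={e["realm"]} -> {e["outcome"]}')
```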
