Is it possible to use an SQL service account from a different, but still trusted, domain than the one to which the server is joined? If so, are there any nonstandard configuration settings I need to use?
I've got this setup running, but when I try to connect with an account from any domain other than the one to which the server is joined, I get the following error:
Login failed for user 'SERVICEACCOUNTDOMAIN\account'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.
I've created the SPN in the service account's domain, and verified there is both connectivity and a valid trust relationship. The users I'm testing also have logon permissions for the server.