With Windows Authentication Scheme, users are getting HTTP 401 and Policy Server is not searching for the user in AD.


Article ID: 268896


Products

CA Single Sign On Agents (SiteMinder), SITEMINDER, CA Single Sign-On

Issue/Introduction

The Windows Authentication Scheme is used.

There are 2 AD domains with a one-way trust relationship.

Users from AD Domain#1 can log in seamlessly, and the Policy Server looks up the user in the respective AD.

When users from AD Domain#2 try to log in, the Policy Server does not look up the user in the respective AD.

Why is the Policy Server not attempting to look up the user in the AD?

Is this the reason the user is getting HTTP 401?

Environment

Release: 12.8.x

Cause

SiteMinder hands over the Windows authentication and picks up the response to see whether the authentication succeeded or failed.

Only when the Windows authentication was successful will the Policy Server initiate the SiteMinder side of authentication, which involves looking up the user in the AD.

Because the Windows authentication failed, the Policy Server does not need to look up the user in the user directory. This is by design.

Resolution

Please get help from the Infrastructure/Security team to investigate why the user is not getting authenticated.

The Security event log on the AD domain controller will have some clue as to why the user is not authenticated.
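
One way to pull those clues from the Security event log, as an added example that is not part of the original article or vendor code. The account name `jdoe` and the 4-hour window are placeholders, and it assumes the relevant logon and Kerberos auditing is enabled on the domain controller.

```powershell
# Added example, not vendor code. Run in an elevated session on a domain controller.
$User  = 'jdoe'                      # placeholder account name (assumption)
$Since = (Get-Date).AddHours(-4)     # look-back window (assumption)

# 4768 Kerberos TGT request, 4769 Kerberos service ticket request,
# 4771 Kerberos pre-authentication failed, 4776 NTLM credential validation,
# 4625 account failed to log on
$filter = @{ LogName = 'Security'; Id = 4768, 4769, 4771, 4776, 4625; StartTime = $Since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data></EventData> into a hashtable
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # 4769 records the account as user@REALM, so match on the prefix
    if ($data['TargetUserName'] -notlike "$User*") { continue }

    # 4625 and 4771 are always failures; the others fail when Status is non-zero
    $failed = ($e.Id -in 4625, 4771) -or ($data['Status'] -and $data['Status'] -ne '0x0')
    if (-not $failed) { continue }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        EventId   = $e.Id
        Account   = $data['TargetUserName']
        Status    = $data['Status']
        SubStatus = $data['SubStatus']      # only present on 4625
        Source    = if ($data['IpAddress']) { $data['IpAddress'] } else { $data['Workstation'] }
    }
}

# Timeline of failures, then a count per event ID and status code
$failures | Sort-Object Time | Format-Table -AutoSize
$failures | Group-Object EventId, Status | Select-Object Count, Name
```

The `Status` and `SubStatus` values on the matching events are the failure codes to hand to the Infrastructure/Security team.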