TMG authentication in multidomain environment

http://serverfault.com – I have an environment with two domains. corp.com is the one containing user accounts. res.corp.com is the resource domain containing servers. TMG servers are members of res.corp.com. TMG servers are in the DMZ. They have ports opened to res.corp.com DCs but have no access to corp.com DCs. Recently, authentication of corp.com accounts on TMG (publishing rules) has become pretty slow. I have checked network traffic and found out the following:

For res.corp.com accounts, TMG servers directly contact res.corp.com DCs by LDAP and Kerberos and authenticate the user.

For corp.com accounts, TMG servers first try to resol