Scenario: User UA has a laptop from company CA and a laptop from company CB. There is no domain trust between CA and CB. UA has domain credentials CA\ua which he uses to log in to his laptop from CA. At CB, authentication is via Azure and the user has separate credentials setup there. At CA there's a DFS setup which UA accesses from his laptop from from CB. To access it, since there is no domain trust, he has to be on CA's network (either being on site or connected via VPN) and he has to choose 'use alternate credentials' when he maps the network drive (dfs root). When the authentication prompt comes, he puts in his AD credentials CA\ua and password.
Issue: intermittently, UA loses access to destination folders on the network share. Wireshark trace reveals that it's caused by his laptop from company CB sending CB\ua to the file server instead of CA\ua which the user used when mapping the drive. Reboot fixes the issue in most cases but it comes back again.
Question: If the drive is mapped using CA\ua (and the credential is cached on laptop from CB), then why is the laptop trying to authenticate with CB\ua when being challenged by the file servers? Also, why do the issues happen intermittently and not consistently?
Hope this makes sense. Any help would be much appreciated.