I removed the trust and tried again this time using the Web console and it worked. What I am not sure about is how to setup AD groups in IDM so AD users can login to Freeipa resources. Any help is appreciated.
You need to make sure your AD domain can properly see the IPA domain through srv records and firewall ports that IPA usually has open. Even if the IPA console says the trust is there, it does not mean it is working. Resolve this first before troubleshooting further.
Once you’ve resolved the above and you still cannot login with users, you will need to put sssd into debug mode to dig into your issue further. Troubleshooting Basics - sssd.io
Appears on my Windows server _kerberos._udp.dc._msdcs.win.corp.lan. is not working as expected. I disabled the firewall on my Windows server and Freeipa servers.
Non-existent domain