  • Status: Solved

The trust relationship between the primary domain and the trusted domain failed.

I am getting the following error when I try and run a program that looks up the SID of a user in a trusted domain from servers in my domain that are NOT domain controllers:

The trust relationship between the primary domain and the trusted domain failed.

If I run this command on a domain controller, I get the SID. If I run it on a workstation in my domain, I get the SID. If I run it on a server which is not a domain controller (Windows Server 2003 RC2 SP2) then I get the error.

How do I diagnose this problem?

Thanks

Asked by ttnetworks

Aico Commented:
What kind of program is it? Does it use AD to read the SID? Is there some configuration needed in the Program like defining your DC's?

ttnetworks (Author) Commented:
Nope, very very simple program, code below:

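            // Requires: using System.Security.Principal;
            // Account in the trusted domain, in DOMAIN\Username form.
            string strUsername = @"DOMAIN\Username";

            NTAccount account = new NTAccount(strUsername);

            // Translate performs the name-to-SID lookup.
            SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));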

The reason I am researching this is because my Team Foundation Server (MS Source Control Stuff) is not able to look up users in our US domain because I believe there is a problem with the trust between the EUROPE and US domains.

However, when I go and "validate" the trust, I am told it works. The trust works for Exchange, and files etc, but on two of our other servers, I get the above error message with regard to the trust. Why would it not work on these two, but work OK on an Exchange server and the DCs?

Andrew

Aico Commented:
I guess you already looked at DNS issues. Did you already check the trust relationship with NLTest for example?
 
ttnetworks (Author) Commented:
No and No :-) I will have a go with NLTest and see what happens. This is not my primary area of expertise, which is why I am asking here!

Aico Commented:
:-), ok, check for DNS issues. Check to see if DNS resolution from the two problem servers is working correctly. And post the results of the NLTest utility to look for problems.

ttnetworks (Author) Commented:
OK, Just started playing around with NLTest. An error which keeps coming up when I try and Query the US domain (I am in the EUROPE domain) is:

C:\Program Files\Support Tools>nltest.exe /SERVER:RACOON /QUERY
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

But for one of our DC's in the EUROPE domain it works OK:

C:\Program Files\Support Tools>nltest.exe /SERVER:CHICKEN /QUERY
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

So I will look into why the RPC server is not responding...

Andrew

Aico Commented:
Maybe some firewall issues? Check if any ports are blocked between the US and Europe domains.

ttnetworks (Author) Commented:
I can't see this being a firewall issue, because on my domain controllers everything seems to work fine.

For example, here are the results of running nltest /sc_query:fernico.us on a domain controller:

C:\Program Files\Support Tools>nltest.exe /sc_query:fernico.us
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\racoon.fernico.us
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>

BUT, then when I run the same command on one of my member servers:

C:\Program Files\Support Tools>nltest /sc_query:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Unsurprisingly I get the ERROR_NO_SUCH_DOMAIN on all the machines which are not able to run my SIDLookup program.

:-(
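
An added example, not part of the original thread: a Python script that parses the two nltest transcripts from the post above and reports every command whose result differs by host, which narrows the search to what differs between those machines. The host labels `dc` and `member` and the function names are assumptions of the example.

```python
import re

# nltest output copied from the post above; the "dc"/"member" host labels are added here.
TRANSCRIPTS = {
    "dc": r"""C:\Program Files\Support Tools>nltest.exe /sc_query:fernico.us
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\racoon.fernico.us
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
""",
    "member": r"""C:\Program Files\Support Tools>nltest /sc_query:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
""",
}

CMD_RE = re.compile(r">\s*nltest(?:\.exe)?\s+(.+)$", re.IGNORECASE)
STATUS_RE = re.compile(r"Status = (\d+) 0x[0-9a-fA-F]+ (\w+)")


def parse_transcript(text):
    """Map each nltest command (normalised arguments) to (code, symbol), or None.

    When a command prints several Status lines, the first non-zero one is kept."""
    results, current = {}, None
    for line in text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            current = " ".join(cmd.group(1).lower().split())
            results[current] = None  # no Status line seen yet
            continue
        status = STATUS_RE.search(line)
        if status and current and (results[current] is None or results[current][0] == 0):
            results[current] = (int(status.group(1)), status.group(2))
    return results


def host_differences(transcripts):
    """Return {command: {host: result}} for commands whose outcome differs by host."""
    per_host = {host: parse_transcript(text) for host, text in transcripts.items()}
    diffs = {}
    for cmd in sorted(set().union(*per_host.values())):
        seen = {h: r[cmd] for h, r in per_host.items() if cmd in r}
        if len(set(seen.values())) > 1:
            diffs[cmd] = seen
    return diffs


if __name__ == "__main__":
    for cmd, seen in host_differences(TRANSCRIPTS).items():
        print(cmd, seen)
```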

Aico Commented:
Hmmmm, maybe you could read the following article. It seems to me that there is a problem with DNS resolution.

http://jeffkuespert.wordpress.com/2007/07/26/dsgetdcname-failed-status-1355-0x54b-error_no_such_domain/

ttnetworks (Author) Commented:
Thanks for the info so far....

I followed that article through, and yes, I think there is a problem with some DNS records not being present, I have run a few more tests on the US domain controller and here is what I get:

C:\Program Files\Support Tools>nltest /dcname:racoon.fernico.us
NetGetDCName failed: Status = 2453 0x995 NERR_DCNotFound

C:\Program Files\Support Tools>nltest.exe /server:racoon /sc_verify:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\Program Files\Support Tools>nltest.exe /server:racoon /sc_verify:fernicoeurope.co.uk
Flags: 90 HAS_IP
Trusted DC Name \\eagle.fernicoeurope.co.uk
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully

So for some reason, our US Domain Controller doesn't seem to be able to look up information about its own domain / itself, but it can for the EUROPE stuff. I have run dcdiag and netdiag on it, but everything says passed....

Aico Commented:
Do both domains have secondary zones on them for each other? Or are they configured to forward DNS requests to each other?

ttnetworks (Author) Commented:
They are added as secondary zones...

vnmbo1 Commented:
How can this be rated as an 8.7 solution? There is no solution offered as far as I can see.