• Status: Solved

The trust relationship between the primary domain and the trusted domain failed.

I am getting the following error when I try and run a program that looks up the SID of a user in a trusted domain from servers in my domain that are NOT domain controllers:

The trust relationship between the primary domain and the trusted domain failed.

If I run this command on a domain controller, I get the SID. If I run it on a workstation in my domain, I get the SID. If I run it on a server which is not a domain controller (Windows Server 2003 RC2 SP2) then I get the error.

How do I diagnose this problem?

Thanks
Asked:
ttnetworks

Aico commented:
What kind of program is it? Does it use AD to read the SID? Is there some configuration needed in the program, like defining your DCs?

ttnetworks (Author) commented:
Nope, very very simple program, code below:

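            using System.Security.Principal;

            // Account in the trusted domain, in DOMAIN\Username form
            string strUsername = @"DOMAIN\Username";

            NTAccount account = new NTAccount(strUsername);

            // Translate() performs the name-to-SID lookup
            SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));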

The reason I am researching this is because my Team Foundation Server (MS Source Control Stuff) is not able to look up users in our US domain because I believe there is a problem with the trust between the EUROPE and US domains.

However, when I go and "validate" the trust, I am told it works. The trust works for Exchange, and files etc., but on two of our other servers I get the above error message with regard to the trust. Why would it not work on these two, but work OK on an Exchange server and the DCs?

Andrew

Aico commented:
I guess you already looked at DNS issues. Did you already check the trust relationship with NLTest for example?
 
ttnetworks (Author) commented:
No and No :-) I will have a go with NLTest and see what happens. This is not my primary area of expertise, which is why I am asking here!

Aico commented:
:-), ok, check for DNS issues. Check to see if DNS resolution from the two problem servers is working correctly. And post the results of the NLTest utility to look for problems.

ttnetworks (Author) commented:
OK, just started playing around with NLTest. An error which keeps coming up when I try and query the US domain (I am in the EUROPE domain) is:

C:\Program Files\Support Tools>nltest.exe /SERVER:RACOON /QUERY
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

But for one of our DCs in the EUROPE domain it works OK:

C:\Program Files\Support Tools>nltest.exe /SERVER:CHICKEN /QUERY
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully

So I will look into why the RPC server is not responding...

Andrew

Aico commented:
Maybe some firewall issues? Check if any ports are blocked between the US and Europe domains.

ttnetworks (Author) commented:
I can't see this being a firewall issue, because on my domain controllers everything seems to work fine.

For example, here are the results of running nltest /sc_query:fernico.us on a domain controller:

C:\Program Files\Support Tools>nltest.exe /sc_query:fernico.us
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\racoon.fernico.us
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\Program Files\Support Tools>

BUT, then when I run the same command on one of my member servers:

C:\Program Files\Support Tools>nltest /sc_query:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Unsurprisingly, I get the ERROR_NO_SUCH_DOMAIN on all the machines which are not able to run my SIDLookup program.

:-(

Aico commented:
Hmmmm, maybe you could read the following article. It seems to me that there is a problem with DNS resolution.

http://jeffkuespert.wordpress.com/2007/07/26/dsgetdcname-failed-status-1355-0x54b-error_no_such_domain/

ttnetworks (Author) commented:
Thanks for the info so far....

I followed that article through, and yes, I think there is a problem with some DNS records not being present. I have run a few more tests on the US domain controller and here is what I get:

C:\Program Files\Support Tools>nltest /dcname:racoon.fernico.us
NetGetDCName failed: Status = 2453 0x995 NERR_DCNotFound

C:\Program Files\Support Tools>nltest.exe /server:racoon /sc_verify:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\Program Files\Support Tools>nltest.exe /server:racoon /sc_verify:fernicoeurope.co.uk
Flags: 90 HAS_IP
Trusted DC Name \\eagle.fernicoeurope.co.uk
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully

So for some reason, our US domain controller doesn't seem to be able to look up information about its own domain / itself, but it can for the EUROPE stuff. I have run dcdiag and netdiag on it, but everything says passed....
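
Added example (not part of the original thread or any poster's code): a small Python helper that parses pasted nltest transcripts like the ones above and reports the commands whose status differs between hosts, which is the DC-versus-member-server comparison done by hand in this thread. The host labels "dc" and "member" are assumptions, and the one-line meanings paraphrase the standard Windows text for each status code.

```python
import re

# One-line meanings paraphrase the standard Windows text for each code.
HINTS = {
    0: "success",
    1355: "specified domain does not exist or could not be contacted",
    1722: "the RPC server is unavailable",
    2453: "could not find a domain controller for this domain",
}
PROMPT = re.compile(r"^[A-Za-z]:\\.*?>\s*nltest\S*\s+(.+)$", re.I)
STATUS = re.compile(r"Status = (\d+) 0x[0-9a-fA-F]+ (\S+)")

def parse_transcript(host, text):
    """Return one record per nltest command: host, args, first non-zero status."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        cmd, st = PROMPT.match(line), STATUS.search(line)
        if cmd:
            runs.append({"host": host, "args": cmd.group(1).lower(), "code": None})
        elif st and runs and runs[-1]["code"] in (None, 0):
            runs[-1]["code"] = int(st.group(1))
    return runs

def differing(runs):
    """Commands whose status differs between hosts: {args: {host: code}}."""
    by_args = {}
    for r in runs:
        by_args.setdefault(r["args"], {})[r["host"]] = r["code"]
    return {a: h for a, h in by_args.items() if len(set(h.values())) > 1}

# Output pasted from the thread; the host labels "dc" and "member" are assumed.
DC = r"""
C:\Program Files\Support Tools>nltest.exe /sc_query:fernico.us
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\racoon.fernico.us
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
"""
MEMBER = r"""
C:\Program Files\Support Tools>nltest /sc_query:fernico.us
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
"""

if __name__ == "__main__":
    runs = parse_transcript("dc", DC) + parse_transcript("member", MEMBER)
    for args, hosts in differing(runs).items():
        for host, code in hosts.items():
            print(f"nltest {args} on {host}: {code} {HINTS.get(code, 'unknown')}")
```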

Aico commented:
Do both domains have secondary zones on them for each other? Or are they configured to forward DNS requests to each other?

ttnetworks (Author) commented:
They are added as secondary zones...

vnmbo1 commented:
How can this be rated as an 8.7 solution? There is no solution offered as far as I can see.