Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Trust Relationship Failure between exchange server 2010 and DC

Posted on 2010-09-01
4
Medium Priority
?
1,976 Views
Last Modified: 2012-05-10
I was going thru the steps of removing an old exchange 2003 from our network  recently. In the morning when I tried to login to the new exchange server 2010 I recieved an error and could not get into the domain administrator account on the 2010 exchange.  "The trust relationship between this workstation and the primary domain failed".  I searched online and there is much stated about reset of the exchange sever account in the DC (windows 2008 (32bit)).  Email is working inbound and outbound  on the exchange 2010.  The 2003 exchange server is still up and running I have two more steps to complete (removing the recipient update service and then removing exchange thru add/remove programs) before I completely remove the old exchange 2003 fom the network.  The old server 2003 functioned as a primary DC in the past. Now the new primary DC is a server 2008. I can login to the exchange 2010 via local administrator, but not on the domain administrator, nslookup from the local admin shows correct dns and domain. If I reset the exchange server 2008 AD account will that stop my email flow, if it does not log back in the domain for some reason? Is there any other way I can get my domain administrator account to allow login to my exchange 2010 box?    
0
Comment
Question by:ajc2c
  • 2
4 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33576460
You can run netdom to reset the secure channel password this will not affect your email flow since currently you are not connected to the domain.

http://www.howtonetworking.com/vista/resetsecurechannel.htm

Your Exchange server should only point to your DC for DNS and your DC should only point to other DCs for DNS in their TCP\IP properties
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33576944
This can happen if the clocks are not synced between your domain controller and your Exchange server.  Kerberos authentication requires that the clocks be within 5 minutes of each other by default.  Check time, time zone, date etc.. and make sure they are the same.
0
 

Accepted Solution

by:
ajc2c earned 0 total points
ID: 33629198
The issue was that the old server had been the PDC and exchange server.....it has not been demoted found online....I resorted to shutdown on the old server as it was not being utilized for anything and I could login to my new exchange without a problem.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33629205
You need to do a metadata cleanup then
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question