Solved

Trust Relationship Failure between exchange server 2010 and DC

Posted on 2010-09-01
4
1,787 Views
Last Modified: 2012-05-10
I was going thru the steps of removing an old exchange 2003 from our network  recently. In the morning when I tried to login to the new exchange server 2010 I recieved an error and could not get into the domain administrator account on the 2010 exchange.  "The trust relationship between this workstation and the primary domain failed".  I searched online and there is much stated about reset of the exchange sever account in the DC (windows 2008 (32bit)).  Email is working inbound and outbound  on the exchange 2010.  The 2003 exchange server is still up and running I have two more steps to complete (removing the recipient update service and then removing exchange thru add/remove programs) before I completely remove the old exchange 2003 fom the network.  The old server 2003 functioned as a primary DC in the past. Now the new primary DC is a server 2008. I can login to the exchange 2010 via local administrator, but not on the domain administrator, nslookup from the local admin shows correct dns and domain. If I reset the exchange server 2008 AD account will that stop my email flow, if it does not log back in the domain for some reason? Is there any other way I can get my domain administrator account to allow login to my exchange 2010 box?    
0
Comment
Question by:ajc2c
  • 2
4 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33576460
You can run netdom to reset the secure channel password this will not affect your email flow since currently you are not connected to the domain.

http://www.howtonetworking.com/vista/resetsecurechannel.htm

Your Exchange server should only point to your DC for DNS and your DC should only point to other DCs for DNS in their TCP\IP properties
0
 
LVL 16

Expert Comment

by:uescomp
ID: 33576944
This can happen if the clocks are not synced between your domain controller and your Exchange server.  Kerberos authentication requires that the clocks be within 5 minutes of each other by default.  Check time, time zone, date etc.. and make sure they are the same.
0
 

Accepted Solution

by:
ajc2c earned 0 total points
ID: 33629198
The issue was that the old server had been the PDC and exchange server.....it has not been demoted found online....I resorted to shutdown on the old server as it was not being utilized for anything and I could login to my new exchange without a problem.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33629205
You need to do a metadata cleanup then
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article runs through the process of deploying a single EXE application selectively to a group of user.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question