Trust Relationship Failure between Exchange Server 2010 and DC

Posted on 2010-09-01
Last Modified: 2012-05-10
I was going through the steps of removing an old Exchange 2003 from our network recently. In the morning when I tried to log in to the new Exchange Server 2010 I received an error and could not get into the domain administrator account on the 2010 Exchange: "The trust relationship between this workstation and the primary domain failed". I searched online and there is much stated about reset of the Exchange server account in the DC (Windows 2008 (32bit)). Email is working inbound and outbound on the Exchange 2010. The 2003 Exchange server is still up and running; I have two more steps to complete (removing the recipient update service and then removing Exchange through Add/Remove Programs) before I completely remove the old Exchange 2003 from the network. The old server 2003 functioned as a primary DC in the past. Now the new primary DC is a Server 2008. I can log in to the Exchange 2010 via local administrator, but not on the domain administrator; nslookup from the local admin shows correct DNS and domain. If I reset the Exchange server 2008 AD account will that stop my email flow, if it does not log back in the domain for some reason? Is there any other way I can get my domain administrator account to allow login to my Exchange 2010 box?
Question by:ajc2c

Expert Comment

by:Darius Ghassem
ID: 33576460
You can run netdom to reset the secure channel password; this will not affect your email flow since currently you are not connected to the domain.

http://www.howtonetworking.com/vista/resetsecurechannel.htm

Your Exchange server should only point to your DC for DNS, and your DC should only point to other DCs for DNS in their TCP\IP properties.

Expert Comment

by:uescomp
ID: 33576944
This can happen if the clocks are not synced between your domain controller and your Exchange server. Kerberos authentication requires that the clocks be within 5 minutes of each other by default. Check time, time zone, date etc. and make sure they are the same.
0
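The checks suggested in the two comments above (secure channel, clock skew against the DC, DNS client settings), as an added example that is not part of the original thread. It is meant to be run from an elevated PowerShell prompt on the member server while logged on as the local administrator; the DC name and account in it are placeholders, not values from the question.

```powershell
# Added example: read-only trust diagnostics for a domain member.
# DC01.example.local is a placeholder name (assumption); substitute your own DC.
param(
    [string]$DomainController = 'DC01.example.local',
    [int]$MaxSkewSeconds = 300    # Kerberos default tolerance: 5 minutes
)

# 1. Secure channel: $false means the machine account password no longer matches AD.
$channelOk = Test-ComputerSecureChannel -Server $DomainController

# 2. Clock skew: w32tm prints lines such as "10:00:00, +00.0012345s".
$skew = $null
foreach ($line in (w32tm /stripchart /computer:$DomainController /samples:1 /dataonly)) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') {
        $skew = [math]::Abs([double]$Matches[1])
    }
}

# 3. DNS servers configured on each IP-enabled adapter; these should list DCs only.
$dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Where-Object { $_ } |
    Select-Object -Unique

# Summarize the three results in one object.
New-Object PSObject -Property @{
    SecureChannelOk = $channelOk
    SkewSeconds     = $skew                     # $null if the DC did not answer
    SkewWithinLimit = ($skew -ne $null -and $skew -le $MaxSkewSeconds)
    DnsServers      = ($dns -join ', ')
}

# If SecureChannelOk is False while skew and DNS look right, reset the machine
# account password against the DC. This line changes state, so it is left
# commented out; EXAMPLE\Administrator is a placeholder account.
# netdom resetpwd /s:$DomainController /ud:EXAMPLE\Administrator /pd:*
```

A large skew or a DNS entry that is not a domain controller should be corrected before the password reset is attempted, because either can make the reset itself fail.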
 

Accepted Solution

by: ajc2c
ID: 33629198
The issue was that the old server had been the PDC and Exchange server... it has not been demoted, found online... I resorted to shutdown on the old server as it was not being utilized for anything and I could log in to my new Exchange without a problem.

Expert Comment

by:Darius Ghassem
ID: 33629205
You need to do a metadata cleanup then.