My AD is set up with a single forest and 4 child domains. 3 of the child domains replicate with DCs that are in our main location as well as a separate physical location connected via a VPN tunnel.
I have a web app that runs on a machine joined to the 4th domain, let's call it "CORP". The corresponding DNS zone for the CORP domain is replicated throughout the forest, but the two DCs for CORP are both in the primary location and do not depend on the tunnel being up or down.
The CORP domain has two outgoing trusts for "Domain1" and "Domain2" which do have replication partners out in the remote secondary location.
On to the question....
For some reason, when our tunnel goes down, AD users cannot log in to our .NET 2.0 webapp configured for Windows auth. The server hosting the web app is joined to the "CORP" domain and points to the local CORPDC1 and CORPDC2 for DNS. Is the error below caused by the lack of connectivity with the DCs out in our remote location? If so, why does this dependency exist, since the server hosting the webapp (as well as the users connecting to it) is set to use the 2 local DCs?
Below is the error.....
SystemException: The trust relationship between the primary domain and the trusted domain failed.
System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1185
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed) +44
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +47
System.Security.Principal.WindowsPrincipal.IsInRole(String role) +101
UserInfo..ctor(IPrincipal oUser) +222
BasePage.Page_Init(Object sender, EventArgs e) +44
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnInit(EventArgs e) +99
System.Web.UI.Page.OnInit(EventArgs e) +12
System.Web.UI.Control.InitRecursive(Control namingContainer) +333
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +378