We help IT Professionals succeed at work.
Get Started

ASP.NET 2.0 web app authentication problems

tferro82 asked
Last Modified: 2012-06-27
My AD is setup with a single forest and 4 child domains.  3 of the child domains replicate with DCs that are in our main location as well as a separate physical location connected via a VPN tunnel.

I have a web app that runs on a machine joined to the 4th domain, lets call it "CORP".  The corresponding DNS zone for the CORP domain is replicated throughout the forest, but the two DCs for CORP are both in the primary location and do not depend on the tunnel being up or down.

The CORP domain has two outgoing trusts for "Domain1" and "Domain2" which do have replication partners out in the remote secondary location.  

On to the question....

For some reason, when our tunnel goes down, AD users cannot login to our .Net 2.0 webapp configured for windows auth.  The server hosting the web app is joined to the "CORP" domain and points to the local CORPDC1 and CORPDC2 for DNS.  Is the error below caused by the lack of connectivity with the DCs out in our remote location?  If so, why does this dependency exist since the server hosting the webapp (as well as the users connecting to it) are set to use the 2 local DCs?

Below is the error.....

SystemException: The trust relationship between the primary domain and the trusted domain failed.
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1185
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed) +44
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +47
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +101
   UserInfo..ctor(IPrincipal oUser) +222
   BasePage.get_LoggedInUser() +44
   BasePage.Page_Init(Object sender, EventArgs e) +44
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnInit(EventArgs e) +99
   System.Web.UI.Page.OnInit(EventArgs e) +12
   System.Web.UI.Control.InitRecursive(Control namingContainer) +333
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +378
Watch Question
Top Expert 2011
This problem has been solved!
Unlock 1 Answer and 1 Comment.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE