
ASP.NET 2.0 web app authentication problems

tferro82 asked on
My AD is set up with a single forest and 4 child domains. 3 of the child domains replicate with DCs that are in our main location as well as a separate physical location connected via a VPN tunnel.

I have a web app that runs on a machine joined to the 4th domain, let's call it "CORP". The corresponding DNS zone for the CORP domain is replicated throughout the forest, but the two DCs for CORP are both in the primary location and do not depend on the tunnel being up or down.

The CORP domain has two outgoing trusts for "Domain1" and "Domain2" which do have replication partners out in the remote secondary location.  

On to the question....

For some reason, when our tunnel goes down, AD users cannot log in to our .NET 2.0 web app configured for Windows auth. The server hosting the web app is joined to the "CORP" domain and points to the local CORPDC1 and CORPDC2 for DNS. Is the error below caused by the lack of connectivity with the DCs out in our remote location? If so, why does this dependency exist, since the server hosting the web app (as well as the users connecting to it) is set to use the 2 local DCs?

Below is the error.....

SystemException: The trust relationship between the primary domain and the trusted domain failed.
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1185
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed) +44
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +47
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +101
   UserInfo..ctor(IPrincipal oUser) +222
   BasePage.get_LoggedInUser() +44
   BasePage.Page_Init(Object sender, EventArgs e) +44
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.Web.UI.Control.OnInit(EventArgs e) +99
   System.Web.UI.Page.OnInit(EventArgs e) +12
   System.Web.UI.Control.InitRecursive(Control namingContainer) +333
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +378