The trust relationship between the primary domain and the trusted domain failed.

We started getting this error on our intranet server yesterday. Nothing had changed on the server at all.
Here are the things I have tried so far today:
1. Rebooted server (no change)
2. Dropped from domain and readded/restarted (no change)
3. Reset machine password via PowerShell (no change)
4. Renamed the machine/restarted (no change)

What else can I do to get this issue resolved? Here is the stack trace - I'm just stumped.

[SystemException: The trust relationship between the primary domain and the trusted domain failed.
]
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1242
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +54
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +151
   System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +112
   System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +182
   System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +256
   System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +310
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91


Carla Romere, Director of Information Technology, asked:
 
Dan McFadden, Systems Engineer, commented:
- what version of the .NET Framework is in use? v2, v3, v3.5, v4, v4.5+
- do you know what language the APP was written in?  C#, VB
- has anyone made changes to the computer's policies?
- what mode of Authentication is the application using?  Can you check in the web.config & post?

Dan
0
 
Shaun Vermaak, Technical Specialist/Developer, commented:
run this on DC and post out.txt
repadmin /showrepl * > out.txt

0
 
Carla Romere, Director of Information Technology (author), commented:
Dan McFadden - nothing had changed on that server when this error started over the weekend. IIS is the only role of that server. The website is written in C#, dot net 4.6.1, and uses Windows Authentication.

Shaun Vermaak - will post that output in just a moment.
0
 
Carla Romere, Director of Information Technology (author), commented:
Here is the text.out file from that command:

Usage: repadmin <cmd> <args> [/u:{domain\\user}] [/pw:{password|*}]

Supported <cmd>s & args:
     /sync <Naming Context> <Dest DSA> <Source DSA UUID> [/force] [/async]
            [/full] [/addref] [/allsources]
     /syncall <Dest DSA> [<Naming Context>] [<flags>]
     /kcc [DSA] [/async]
     /bind [DSA]
     /propcheck <Naming Context> <Originating DSA Invocation ID>
         <Originating USN> [DSA from which to enumerate host DSAs]
     /getchanges NamingContext [SourceDSA] [/cookie:<file>]
     /getchanges NamingContext [DestDSA] SourceDSAObjectGuid
          [/verbose] [/statistics]
     /replsingleobj [dsa-dest] <dsa-source-guid> <obj dn>
     /showreps [Naming Context] [DSA [Source DSA objectGuid]] [/verbose]
         [/unreplicated] [/nocache]
     /showvector <Naming Context> [DSA] [/nocache]
     /showmeta <Object DN> [DSA] [/nocache]
     /showtime <DS time value>
     /showmsg <Win32 error>
     /showism [<Transport DN>] [/verbose] (must be executed locally)
     /showsig [DSA]
     /showconn [DSA] [Container DN | <DSA guid>] (default is local site)
     /showcert [DSA]
     /queue [DSA]
     /failcache [DSA]
     /showctx [DSA] [/nocache]

Note:- <Dest DSA>, <Source DSA>, <DSA> : Names of the appropriate servers
       <Naming Context> is the Distinguished Name of the root of the NC
              Example: DC=My-Domain,DC=Microsoft,DC=Com

0
 
Shaun Vermaak, Technical Specialist/Developer, commented:
Did you run that on a domain controller?
0
 
Carla Romere, Director of Information Technology (author), commented:
Yes, that was on the primary domain controller for the sd_corp.local domain.
0
 
Dan McFadden, Systems Engineer, commented:
- Is there a license server in your domain?
- have there been any recent updates to your AD Infrastructure?
- has anyone modified any GPOs in the domain and pushed them out?

Here is something to look at and possibly try.  This is for Server 2008R2 (IIS 7.5) but it may apply to Server 2012 (IIS 8)

Link:  http://www-01.ibm.com/support/docview.wss?uid=swg21410940&myns=swgimgmt&mynp=OCSSEPGG&mync=R

Dan
0
 
Carla Romere, Director of Information Technology (author), commented:
We tried everything in the world and could not get this fixed. We ended up recreating the website and importing the old pages. Somehow, even though it "looked" fine, I think the web.config was corrupted.
0
Question has a verified solution.
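
An added diagnostic example, not part of the original thread or written by any of its participants: the stack trace in the question fails inside NTAccount translation while UrlAuthorizationModule evaluates role rules from web.config, so this PowerShell script performs the same name-to-SID translation for every role listed in a config and reports which ones do not resolve. The sample web.config and its role names (EXAMPLE\..., OLDDOMAIN\...) are constructed, and the function names are hypothetical.

```powershell
# Constructed sample web.config; replace with the site's real file when diagnosing.
$sampleConfig = @'
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow roles="BUILTIN\Administrators, EXAMPLE\Intranet Users" />
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="OLDDOMAIN\Web Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
'@

function Get-AuthorizationRoles {
    param([Parameter(Mandatory)][xml]$Config)
    # Covers the root <authorization> block and any nested under <location>.
    $Config.SelectNodes('//authorization/*[@roles]') | ForEach-Object {
        $rule = $_.LocalName
        $_.GetAttribute('roles') -split ',' | ForEach-Object { $_.Trim() } |
            Where-Object { $_ } |
            ForEach-Object { [pscustomobject]@{ Rule = $rule; Role = $_ } }
    }
}

function Test-RoleTranslation {
    param([Parameter(Mandatory)][string]$Role)
    try {
        # Same translation WindowsPrincipal.IsInRole(String) performs in the stack trace.
        $sid = [System.Security.Principal.NTAccount]::new($Role).Translate(
            [System.Security.Principal.SecurityIdentifier])
        [pscustomobject]@{ Role = $Role; Resolved = $true; Detail = $sid.Value }
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to the original type and message.
        $e = $_.Exception
        while ($e.InnerException) { $e = $e.InnerException }
        [pscustomobject]@{ Role = $Role; Resolved = $false
                           Detail = "$($e.GetType().Name): $($e.Message)" }
    }
}

Get-AuthorizationRoles -Config ([xml]$sampleConfig) |
    ForEach-Object { Test-RoleTranslation -Role $_.Role } |
    Format-Table -AutoSize -Wrap
```

To check a real site, pass `[xml](Get-Content -Raw <path to web.config>)` instead of the sample. Translation runs under the calling account, so results are most representative when the script runs as the application pool identity on the web server.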
