Carla Romere
asked on
The trust relationship between the primary domain and the trusted domain failed.
We started getting this error on our intranet server yesterday. Nothing had changed on the server at all.
Here are the things I have tried so far today:
1. Rebooted server (no change)
2. Dropped from domain and readded/restarted (no change)
3. Reset machine password via PowerShell (no change)
4. Renamed the machine/restarted (no change)
What else can I do to get this issue resolved? Here is the stack trace - I'm just stumped.
Here are the things I have tried so far today:
1. Rebooted server (no change)
2. Dropped from domain and readded/restarted (no change)
3. Reset machine password via PowerShell (no change)
4. Renamed the machine/restarted (no change)
What else can I do to get this issue resolved? Here is the stack trace - I'm just stumped.
[SystemException: The trust relationship between the primary domain and the trusted domain failed.
]
System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1242
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +54
System.Security.Principal.WindowsPrincipal.IsInRole(String role) +151
System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +112
System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +182
System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +256
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +310
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91
run this on DC and post out.txt
repadmin /showrepl * > out.txt
ASKER
Dan McFadden - nothing had changed on that server when this error started over the weekend. IIS is the only role of that server. The website is written in C#, dot net 4.6.1, and uses Windows Authentication.
Shaun Vermaak - will post that output in just a moment.
Shaun Vermaak - will post that output in just a moment.
ASKER
Here is the text.out file from that command:
Usage: repadmin <cmd> <args> [/u:{domain\\user}] [/pw:{password|*}]
Supported <cmd>s & args:
/sync <Naming Context> <Dest DSA> <Source DSA UUID> [/force] [/async]
[/full] [/addref] [/allsources]
/syncall <Dest DSA> [<Naming Context>] [<flags>]
/kcc [DSA] [/async]
/bind [DSA]
/propcheck <Naming Context> <Originating DSA Invocation ID>
<Originating USN> [DSA from which to enumerate host DSAs]
/getchanges NamingContext [SourceDSA] [/cookie:<file>]
/getchanges NamingContext [DestDSA] SourceDSAObjectGuid
[/verbose] [/statistics]
/replsingleobj [dsa-dest] <dsa-source-guid> <obj dn>
/showreps [Naming Context] [DSA [Source DSA objectGuid]] [/verbose]
[/unreplicated] [/nocache]
/showvector <Naming Context> [DSA] [/nocache]
/showmeta <Object DN> [DSA] [/nocache]
/showtime <DS time value>
/showmsg <Win32 error>
/showism [<Transport DN>] [/verbose] (must be executed locally)
/showsig [DSA]
/showconn [DSA] [Container DN | <DSA guid>] (default is local site)
/showcert [DSA]
/queue [DSA]
/failcache [DSA]
/showctx [DSA] [/nocache]
Note:- <Dest DSA>, <Source DSA>, <DSA> : Names of the appropriate servers
<Naming Context> is the Distinguished Name of the root of the NC
Example: DC=My-Domain,DC=Microsoft,DC=Com
Did you run that on a domain controller?
ASKER
Yes, that was on the primary domain controller for the sd_corp.local domain.
- Is there a license server in your domain?
- have there been any recent updates to your AD Infrastructure?
- has anyone modified any GPOs in the domain and pushed them out?
Here is something to look at and possibly try. This is for Server 2008R2 (IIS 7.5) but it may apply to Server 2012 (IIS 8)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21410940&myns=swgimgmt&mynp=OCSSEPGG&mync=R
Dan
- have there been any recent updates to your AD Infrastructure?
- has anyone modified any GPOs in the domain and pushed them out?
Here is something to look at and possibly try. This is for Server 2008R2 (IIS 7.5) but it may apply to Server 2012 (IIS 8)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21410940&myns=swgimgmt&mynp=OCSSEPGG&mync=R
Dan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We tried everything in the world and could not get this fixed. We ended up recreating the website and importing the old pages. Somehow, even though it "looked" fine, I think the web.config was corrupted.
- do you know what language the APP was written in? C#, VB
- has anyone made changes to the computer's policies?
- what mode of Authentication is the application using? Can you check in the web.config & post?
Dan