The trust relationship between the primary domain and the trusted domain failed.

We started getting this error on our intranet server yesterday. Nothing had changed on the server at all.
Here are the things I have tried so far today:
1. Rebooted server (no change)
2. Dropped from domain and readded/restarted (no change)
3. Reset machine password via PowerShell (no change)
4. Renamed the machine/restarted (no change)

What else can I do to get this issue resolved? Here is the stack trace - I'm just stumped.

[SystemException: The trust relationship between the primary domain and the trusted domain failed.
]
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1242
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +54
   System.Security.Principal.WindowsPrincipal.IsInRole(String role) +151
   System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +112
   System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +182
   System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +256
   System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +310
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91

Open in new window

Carla RomereDirector of Information TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
- what version of the .NET Framework in in use? v2, v3, v3.5, v4, v4.5+
- do you know what language the APP was written in?  C#, VB
- has anyone made changes to the computer's policies?
- what mode of Authentication is the application using?  Can you check in the web.config & post?

Dan
0
Shaun VermaakTechnical Specialist IVCommented:
run this on DC and post out.txt
repadmin /showrepl * > out.txt

Open in new window

0
Carla RomereDirector of Information TechnologyAuthor Commented:
Dan McFadden - nothing had changed on that server when this error started over the weekend. IIS is the only role of that server. The website is written in C#, dot net 4.6.1, and uses Windows Authentication.

Shaun Vermaak - will post that output in just a moment.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Carla RomereDirector of Information TechnologyAuthor Commented:
Here is the text.out file from that command:

Usage: repadmin <cmd> <args> [/u:{domain\\user}] [/pw:{password|*}]

Supported <cmd>s & args:
     /sync <Naming Context> <Dest DSA> <Source DSA UUID> [/force] [/async]
            [/full] [/addref] [/allsources]
     /syncall <Dest DSA> [<Naming Context>] [<flags>]
     /kcc [DSA] [/async]
     /bind [DSA]
     /propcheck <Naming Context> <Originating DSA Invocation ID>
         <Originating USN> [DSA from which to enumerate host DSAs]
     /getchanges NamingContext [SourceDSA] [/cookie:<file>]
     /getchanges NamingContext [DestDSA] SourceDSAObjectGuid
          [/verbose] [/statistics]
     /replsingleobj [dsa-dest] <dsa-source-guid> <obj dn>
     /showreps [Naming Context] [DSA [Source DSA objectGuid]] [/verbose]
         [/unreplicated] [/nocache]
     /showvector <Naming Context> [DSA] [/nocache]
     /showmeta <Object DN> [DSA] [/nocache]
     /showtime <DS time value>
     /showmsg <Win32 error>
     /showism [<Transport DN>] [/verbose] (must be executed locally)
     /showsig [DSA]
     /showconn [DSA] [Container DN | <DSA guid>] (default is local site)
     /showcert [DSA]
     /queue [DSA]
     /failcache [DSA]
     /showctx [DSA] [/nocache]

Note:- <Dest DSA>, <Source DSA>, <DSA> : Names of the appropriate servers
       <Naming Context> is the Distinguished Name of the root of the NC
              Example: DC=My-Domain,DC=Microsoft,DC=Com

Open in new window

0
Shaun VermaakTechnical Specialist IVCommented:
Did you run that on a domain controller?
0
Carla RomereDirector of Information TechnologyAuthor Commented:
Yes, that was on the primary domain controller for the sd_corp.local domain.
0
Dan McFaddenSystems EngineerCommented:
- Is there a license server in your domain?
- have there been any recent updates to your AD Infrastructure?
- has anyone modified any GPOs in the domain and pushed them out?

Here is something to look at and possibly try.  This is for Server 2008R2 (IIS 7.5) but it may apply to Server 2012 (IIS 8)

Link:  http://www-01.ibm.com/support/docview.wss?uid=swg21410940&myns=swgimgmt&mynp=OCSSEPGG&mync=R

Dan
0
Carla RomereDirector of Information TechnologyAuthor Commented:
We tried everything in the world and could not get this fixed. We ended up recreating the website and importing the old pages. Somehow, even though it "looked" fine, I think the web.config was corrupted.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Carla RomereDirector of Information TechnologyAuthor Commented:
We tried everything in the world and could not get this fixed. We ended up recreating the website and importing the old pages. Somehow, even though it "looked" fine, I think the web.config was corrupted.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
iis8

From novice to tech pro — start learning today.