Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
The trust relationship between the primary domain and the trusted domain failed.
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
The trust relationship between the primary domain and t... - 19.Dec.2006 9:08:32 AM
|
|
|
azog
Posts: 16
Joined: 10.Oct.2002
From: Morris County, NJ
Status: offline
|
I searched this forum for this message, and found a few that are "close but not close enough". When I try to access the Users Toolbox in my Firewall Policy, I get error 0x800706fc, the trust relationship failed.
The ISA 2004 server is in the same (single) domain as the domain controllers. I can login via both RDP and at the console itself, and can run the Users and Computers snapin and do all the domain admin tasks I need to do, so I figure that the "trust" is good. I can run nltest, and everything from that comes back good. I even did the nltest /sc_reset, Just In Case. I run dsdiag, and that comes back good, too.
No domain GPO is applied to these servers. There are no DNS or WINS server on the external interface.
At this point, I'm kinda stumped. Any ideas? I'd prefer NOT to pull this out of the domain (it's actually a cluster), because that'll break all my users permissions.
|
|
|
|
|
RE: The trust relationship between the primary domain a... - 20.Dec.2006 7:10:35 PM
|
|
|
Jason Jones
Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
Kinda sounds like the only option is to remove it from the domain and re-join. I have had to do this on a few occasions when I have seen similar symptoms.
Not ideal, sorry...
_____________________________
Jason Jones (MVP)
Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/
Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: The trust relationship between the primary domain a... - 21.Dec.2006 5:07:58 AM
|
|
|
azog
Posts: 16
Joined: 10.Oct.2002
From: Morris County, NJ
Status: offline
|
I was able to get a workaround. I'm not able to manage my existing "Internet" group in the ISA server, but I was able to create a new group, add users from the domain to it, and then add that to the existing policy.
That kinda made me sit back and think. I can't manage my previously defined groups, but I can add new groups with users in that same domain.
As it turns out, there is an externally managed domain with a two-way trust, but it was decommissioned about a month ago. Nobody told me, so all the definations and so on were still all over the place. Some of those external users are in the group I cannot manage. I wonder if having this dead two-way trust is causing me grief? I've not yet yanked it out of AD Domains&Trusts yet.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
