|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
01-22-2009
| #1 (permalink) |
| | intermittent workstation trust error calling IsInRole(string) Reposting from microsoft.public.dotnet.security -------------- Can Microsoft please provide some assistance on this item? Thanks! "asanford" wrote: Quote: > We are experiencing intermittent "The trust relationship between this > workstation and the primary domain failed" (ERROR_TRUSTED_RELATIONSHIP_FAILURE > 1789) errors in our asp.net web service. We are running Windows 2003 SP2 on > the load-balanced web machines that are receiving this error, as well as on > the Active Directory servers. We think the code that is generating the error > is a PrincipalPermission.Demand() call, which in turn is calling > WindowsPrincipal.IsInRole(string) to check if an associated WindowsIdentity > user is a member of the specified group (all groups are domain groups.) The > WindowsIdentity is constructed by calling Win32’s LogonUser() and then > constructing a new WindowsIdentity with the resulting access token. The > account running the IIS app pool is a domain account. > > We’ve looked thru the various windows event logs on both web machines and > DCs and didn’t see anything obvious, we have run “netdom verify > [computername]” on all the machines to verify the “secure channel” between > the given machine and the domain, which succeeded on all machines except one > of the DCs (we think the FSMO DC (?) – BTW, is this normal for this to fail > on the FSMO DC?) We have also browsed thru the computer accounts in the AD > users MMC app, etc – didn’t get any errors there. We also checked the time > synchronization between all of the servers and that looked correct. > > We haven’t yet taken the steps of, for each web machine, resetting the > computer account in AD, removing the machine from the domain, and then > re-joining it, since in general things seem to work. > > Perhaps the problem could be an intermittent network link between web and AD > machines? Or perhaps there’s a problem during high load? Perhaps a certain > AD logging level to watch? > > Is there a recommended way to diagnose ERROR_TRUSTED_RELATIONSHIP_FAILURE > errors, especially intermittent ones? > > Any ideas would be much appreciated. > > Thanks! > |
My System Specs |
|
01-22-2009
| #2 (permalink) |
| | Re: intermittent workstation trust error calling IsInRole(string) Asanford, As you want using this newsgroup help from Microsoft, you need an MSDN subscription. By login on to that using your normal MSDN account you can go to the managed newsgroups webclient and post your problem using that (I am in doubt if this is the right newsgroup because this is a developers newsgroup). Then you will be helped by a Microsoft MSFT in about 48 Hours. These newsgroups are usenet newsgroups, and as soon as a newsgroup is in UseNet confirm the rules of UseNet. Cor |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Error handling when calling external executable | PowerShell | |||
| calling imapi2 put_MultisessionInterfaces return error | Vista General | |||
| Problem Calling String(char[] value) constructor | PowerShell | |||
