Forgot to mention, which is apparent if you look at the exception, that it is the Windows membership that fails the request. This indicates that the WindowsProvider (the first in the multiplexing chain) seems to not be able to handle users that aren't found in its own provider - giving a trust error.
Problem solved using this
http://stackoverflow.com/questions/1260153/windows-authentication-in-iis-7-5-fails-with-trust-relationship-exception
EDIT two weeks later:
The solution seemed fine for a while, then the problem came back... :(
/Marten
Hi,
We're having this problem with EPi7 Patch 2 and Windows Server 2012. The same setup with multiplexing provider.
Did you find any solution to this!?
Has anybody come across a solution for this problem? How did you resolve this?
We are facing this on our production environment.
Hello,
We have a customer running a CMS 6 R2 solution authenticating to a multiplexing provider (Windows then SqlServer) on a Windows 2008 Server R2 machine. The Web Server and SQL Server is both within the domain.
When trying in admin mode to search for a user or group, which is NOT a windows user or group, we are presented with the error "The trust relationship between the primary domain and the trusted domain failed.". Searching for a known Windows user or group gives a result as expected, but a known SQL user or group or just pure nonsense text in the text box returns this error.
The same error applies when we through code on a subscription page try to find a user by email, using the System.Web.Security.Membership.FindUsersByEmail function. Using this we get this exception:
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at EPiServer.Security.WindowsMembershipProvider.GetUser(String username, Boolean userIsOnline)
at EPiServer.Security.WindowsMembershipProvider.FindUsersByEmail(String emailToMatch, Int32 pageIndex, Int32 pageSize, Int32& totalRecords)
There is a blog post that touches upon the subject here -
http://world.episerver.com/Blogs/Gustaf-Ridderstolpe/Dates/2011/10/The-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed/
- but the solution does not, as far as I can tell, quite apply to my case, as it addresses file shares that have corrupted permissions - although we do land at the same exception error.
As far as I can tell through various blog posts on similar exceptions, this error seems to specifically apply to Windows 2008 Server R2 (and Windows 7).
Anyone encountered this or have any clues to share?
Best regards,
/Marten