Error searching for SQL users in a multiplexing environment

Vote:
 

Hello,

We have a customer running a CMS 6 R2 solution authenticating to a multiplexing provider (Windows then SqlServer) on a Windows 2008 Server R2 machine. The Web Server and SQL Server is both within the domain.

When trying in admin mode to search for a user or group, which is NOT a windows user or group, we are presented with the error "The trust relationship between the primary domain and the trusted domain failed.". Searching for a known Windows user or group gives a result as expected, but a known SQL user or group or just pure nonsense text in the text box returns this error.

The same error applies when we through code on a subscription page try to find a user by email, using the System.Web.Security.Membership.FindUsersByEmail function. Using this we get this exception:

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at EPiServer.Security.WindowsMembershipProvider.GetUser(String username, Boolean userIsOnline)
at EPiServer.Security.WindowsMembershipProvider.FindUsersByEmail(String emailToMatch, Int32 pageIndex, Int32 pageSize, Int32& totalRecords)

There is a blog post that touches upon the subject here -
http://world.episerver.com/Blogs/Gustaf-Ridderstolpe/Dates/2011/10/The-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed/

- but the solution does not, as far as I can tell, quite apply to my case, as it addresses file shares that have corrupted permissions - although we do land at the same exception error.

As far as I can tell through various blog posts on similar exceptions, this error seems to specifically apply to Windows 2008 Server R2 (and Windows 7).

Anyone encountered this or have any clues to share?

Best regards,
/Marten

 

#60762
Aug 23, 2012 16:42
Vote:
 

Forgot to mention, which is apparent if you look at the exception, that it is the Windows membership that fails the request. This indicates that the WindowsProvider (the first in the multiplexing chain) seems to not be able to handle users that aren't found in its own provider - giving a trust error. 

#60763
Aug 23, 2012 17:03
Vote:
 

Problem solved using this
http://stackoverflow.com/questions/1260153/windows-authentication-in-iis-7-5-fails-with-trust-relationship-exception

EDIT two weeks later:
The solution seemed fine for a while, then the problem came back... :(

/Marten

#60781
Edited, Aug 24, 2012 13:26
Vote:
 

Hi,


We're having this problem with EPi7 Patch 2 and Windows Server 2012. The same setup with multiplexing provider.


Did you find any solution to this!?

#73615
Jul 31, 2013 20:55
Vote:
 

Has anybody come across a solution for this problem? How did you resolve this?

We are facing this on our production environment.

#155363
Sep 14, 2016 18:27
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.