RDS Trust relationship issue

Hi,
We have 3 domains
DOM1.domain.local (top domain)
DOM2.DOM1.domain.local (sub domain)
DOM3.DOM1.domain.local (sub domain)
When we set up a brand new RDS 2012 server in DOM2 we can't add users from DOM3 and vice versa.
When we install a RDS 2012 server in DOM1 we can't add users from DOM2 and DOM3.
The error message says that the network path was not found. And to check for a two-way trust. 
We can't change settings on the trust relationship, because it is a child domain, it will always be a two-way trust. (the validation works without any problem)
Adding users from the other subdomain to the local group "Remote Desktop Users" isn't a problem. But that doesn't work any more in server 2012.
Anyone an idea?
Regards
Stijn

Hi,
After reading your post, I understand that you are unable to add users from another domain.
Can cross-domain users log in successfully?
In your situation, I would suggest changing the trust type to a cross-forest trust.
Understanding when to Create a Forest Trust:
http://technet.microsoft.com/en-us/library/cc771397.aspx
How to Configure Cross-Forest Administration:
http://technet.microsoft.com/en-us/library/bb232078(v=exchg.80).aspx
Refer to the post below (answered by Mark McNichols):
http://social.technet.microsoft.com/Forums/windowsserver/en-US/b243ec10-ae0c-4501-94b7-acd3a4d1e90e/rds-and-sid-error-with-twoway-trust
The article described in the above post by Mark McNichols (KB972133):
http://support.microsoft.com/kb/972133
This might help!
Thanks.

Similar Messages

  • Getting Error The trust relationship between the primary domain and the trusted domain failed in SharePoint 2010

    Hi,
    A SharePoint 2010 backup has been taken from production and restored through the Semantic Tool on one of the servers. The web application of which the backup was taken is working fine.
    But the problem is that SharePoint is not working correctly. We cannot create any new web application, and cannot navigate to the ServiceApplications.aspx page; it shows an error. Even the Search and UserProfile Services of the existing web application are not working.
    Checking the SharePoint logs, I found the exception below:
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:55.54  mssearch.exe (0x0864)                    0x2B24 SharePoint Server Search       Propagation Manager          
     fo2s Medium   [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes)  [indexpropagator.cxx:1607]  d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx 
    11/30/2011 12:14:55.99  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     The SPPersistedObject with
    Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
    domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
    sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()    
    at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip... 
    11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
    persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) 
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     8xqx High     Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.   
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
    sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
    T denyRightsMask)     at Microsoft.SharePoint.Administrati... 
    11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()    
    at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
    id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
    currentVe...
    Please guide me on the above issue; this will be of great help.
    Thanks.

    I have the same error. Verified trust and ports, cleaned up the cache... nothing has helped.
    The problem is caused by the User Profile Synch Service:
    UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
    The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
    Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
    identifier, T grantRightsMask, T denyRigh...        
    08/23/2014 13:00:20.96*        w3wp.exe (0x2204)                      
            0x293C        SharePoint Portal Server              User Profiles                
            eh0u        Unexpected        ...tsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties()     at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
    Please let me know if you found any solution for this.
    Regards,
    Kunal  

  • The security database on the server does not have a computer account for this workstation trust relationship

    When I try to log on to my DC it says "The security database on the server does not have a computer account for this workstation trust relationship". It won't let me log on. I installed another server, Server 2012 R2 (it's virtual),
    and I can get to ADSI Edit.
    I think what happened was I had a pc that could not connect without unplugging the network cable. So I found this fix 
    FIX: “The security database on the server does not have a computer account for this workstation trust relationship”2032011
    I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post.  In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have
    seen around.  Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself.  Here are the steps I take to fix this issue when it crops up:
    1. Open up Active Directory Users & Computers pointed to the domain the computer account resides in
    2. From the “View” pull-down menu, make sure that “Advanced Features” is checked
    3. Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides
    4. Open the Properties for the computer object
    5. Choose the “Attribute Editor” tab on the Properties dialog box
    6. Check the attributes dNSHostName & servicePrincipalName – anywhere that a fully qualified hostname is specified (e.g. myserver.mydomainname.com), make sure that the entry matches the hostname you have configured when you go here on your server: Start -> Computer -> Right-Click, Properties -> Change Settings (under “Computer name, domain… settings”) -> Full Computer Name
    As an example, for a fictitious W2K8 R2 server whose Full Computer Name is “srv1.mydomainname.com”, these attribute/value pairs should be in Active Directory:
    dNSHostName:
    srv1.mydomainname.com
    servicePrincipalName:
    HOST/SRV1
    HOST/srv1.mydomainname.com
    RestrictedKrbHost/SRV1
    RestrictedKrbHost/srv1.mydomainname.com
    TERMSRV/SRV1
    TERMSRV/srv1.mydomainname.com"
    Not reading it carefully, I added a computer with the same name as the PC having the issue and followed the above. The problem is that I did not notice that the SPN did not want the name of my server (serv1) but the name of the trouble PC.
    dcdiag output
    PS C:\Users\administrator.TOM> dcdiag.exe
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       ***Error: DC3 is not a Directory Server.  Must specify /s:<Directory Server> or  /n:<Naming Context> or nothing to
       use the local machine.
       ERROR: Could not find home server.
    PS C:\Users\administrator.TOM> dcdiag.exe /s:DC2
    Directory Server Diagnosis
    Performing initial setup:
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site\DC2
          Starting test: Connectivity
             The host 9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM could not be resolved to an IP address. Check the DN
             server, DHCP, server name, etc.
             Neither the the server name (DC2.TOM) nor the Guid DNS name (9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM)
             could be resolved by DNS.  Check that the server is up and is registered correctly with the DNS server.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... DC2 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site\DC2
          Skipping all tests, because server DC2 is not responding to directory service requests.
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : TOM
          Starting test: CheckSDRefDom
             ......................... TOM passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... TOM passed test CrossRefValidation
       Running enterprise tests on : TOM
          Starting test: LocatorCheck
             ......................... TOM passed test LocatorCheck
          Starting test: Intersite
             ......................... TOM passed test Intersite
    PS C:\Users\administrator.TOM> regsvr32 schmmgmt.dll
    PS C:\Users\administrator.TOM> netdig /fix
    netdig : The term 'netdig' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + netdig /fix
    + ~~~~~~
        + CategoryInfo          : ObjectNotFound: (netdig:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> Setup /PrepareSchema
    Setup : The term 'Setup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Setup /PrepareSchema
    + ~~~~~
        + CategoryInfo          : ObjectNotFound: (Setup:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> netdiag /test
    netdiag : The term 'netdiag' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + netdiag /test
    + ~~~~~~~
        + CategoryInfo          : ObjectNotFound: (netdiag:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> nslooup
    nslooup : The term 'nslooup' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + nslooup
    + ~~~~~~~
        + CategoryInfo          : ObjectNotFound: (nslooup:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM>

    Ok fixed. 
    At an elevated cmd prompt run:
    C:\Users\administrator.TOM>setspn -x
    As you can see the DC serv1 had duplicate SPNs.
    Checking domain DC=TOM
    Processing entry 1
    HOST/serv1.TOM is registered on these accounts:
            CN=SERV1,OU=Domain Controllers,DC=TOM
            CN=C00049,CN=Computers,DC=TOM
    {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
    counts:
            CN=Administrator,CN=Users,DC=TOM
            CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
    {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
    e accounts:
            CN=Administrator,CN=Users,DC=TOM
            CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
    RestrictedKrbHost/serv1 is registered on these accounts:
            CN=C00049,CN=Computers,DC=TOM
            CN=SERV1,OU=Domain Controllers,DC=TOM
    RestrictedKrbHost/serv1.TOM is registered on these accounts:
            CN=C00049,CN=Computers,DC=TOM
            CN=SERV1,OU=Domain Controllers,DC=TOM
    found 5 groups of duplicate SPNs.
    Went to the Computers OU and changed computer c00049 to the correct SPN. Now I have a new issue; I'll start a new thread.
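
The duplicate-SPN output in the post above can be triaged mechanically. The following Python is an added example, not code from the thread: it parses `setspn -X` output (including header lines split by the 80-column console wrap), checks the parsed group count against the tool's own summary line, and separates the account whose name matches the SPN host from the accounts that do not, following the rule quoted in the thread that SPN host names should match the computer name. The function names are hypothetical, and it assumes each account DN fits on one line and contains no escaped commas.

```python
import re

# Output copied from the post above, with the 80-column console wrap preserved.
SETSPN_X_OUTPUT = """\
Checking domain DC=TOM
Processing entry 1
HOST/serv1.TOM is registered on these accounts:
        CN=SERV1,OU=Domain Controllers,DC=TOM
        CN=C00049,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
counts:
        CN=Administrator,CN=Users,DC=TOM
        CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
e accounts:
        CN=Administrator,CN=Users,DC=TOM
        CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
RestrictedKrbHost/serv1 is registered on these accounts:
        CN=C00049,CN=Computers,DC=TOM
        CN=SERV1,OU=Domain Controllers,DC=TOM
RestrictedKrbHost/serv1.TOM is registered on these accounts:
        CN=C00049,CN=Computers,DC=TOM
        CN=SERV1,OU=Domain Controllers,DC=TOM
found 5 groups of duplicate SPNs.
"""

HEADER = re.compile(r"^(?P<spn>\S+) is registered on these accounts:$")
TRAILER = re.compile(r"^found (?P<n>\d+) groups? of duplicate SPNs\.$")
STATUS = re.compile(r"^(Checking domain|Processing entry)\b")


def parse_setspn_x(text, max_fragments=3):
    """Return {spn: [account DN, ...]} for every duplicate group in the output."""
    groups, current, pending, reported = {}, None, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not pending:
            if raw[0].isspace():                 # indented line: an account DN
                if current is None:
                    raise ValueError(f"account before any SPN header: {raw!r}")
                current.append(raw.strip())
                continue
            if STATUS.match(raw):
                continue
            trailer = TRAILER.match(raw.strip())
            if trailer:
                reported = int(trailer.group("n"))
                continue
        # Unindented text is a header, possibly split mid-word by the console.
        pending.append(raw)
        header = HEADER.match("".join(pending).rstrip())
        if header:
            current = groups.setdefault(header.group("spn"), [])
            pending = []
        elif len(pending) >= max_fragments:
            raise ValueError(f"unrecognised line: {pending[0]!r}")
    if pending:
        raise ValueError(f"output ends inside a header: {pending[0]!r}")
    if reported is not None and reported != len(groups):
        raise ValueError(f"parsed {len(groups)} groups, tool reported {reported}")
    return groups


def rdn_value(dn):
    """'SERV1' for 'CN=SERV1,OU=Domain Controllers,DC=TOM' (no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def spn_host(spn):
    """Lower-case short host of an SPN shaped class/host[:port][/name]."""
    return spn.split("/")[1].split(":")[0].split(".")[0].lower()


def review(groups):
    """Split each group into the account named like the SPN host and the rest."""
    findings = []
    for spn, accounts in groups.items():
        owners = [dn for dn in accounts if rdn_value(dn).lower() == spn_host(spn)]
        findings.append({
            "spn": spn,
            "owners": owners,
            "strays": [dn for dn in accounts if dn not in owners],
            "affects_dc": any(",ou=domain controllers," in dn.lower() for dn in owners),
        })
    return findings


def cleanup_plan(findings, dc_only=False):
    """{stray account: [SPNs to review on it]}; skips groups with no clear owner."""
    plan = {}
    for f in findings:
        if len(f["owners"]) != 1 or (dc_only and not f["affects_dc"]):
            continue
        for dn in f["strays"]:
            plan.setdefault(dn, []).append(f["spn"])
    return plan


if __name__ == "__main__":
    found = review(parse_setspn_x(SETSPN_X_OUTPUT))
    for account, spns in cleanup_plan(found, dc_only=True).items():
        print(f"{account} holds SPNs that belong to a domain controller:")
        for spn in spns:
            print(f"  {spn}")
```

The name-match rule is a heuristic for picking the stray account in a duplicate group; a service account that legitimately holds an SPN for another host will also be listed and needs a manual decision.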

  • Trust relationship after upgrading to Windows 8.1

    Hi
    I have recently upgraded 20 laptops to Windows 8.1. Lately some of the laptops keep saying trust relationship cannot contact the domain. I have taken them off the domain and then put them back on; the laptops then work again, but each day with some laptops
    the same thing happens again and I have to repeat the whole procedure. Recently it has been the same laptop every day for the past 5 days; it is really annoying and time consuming.

    Hi Carl Shorty,
    What error message do you receive?
    Do you mean that the computer in error keeps losing the trust relationship every day?
    This issue, where machine trust cannot be established, occurs because the computer's machine account has the incorrect role or its password has become mismatched with that of the domain database.
    If we can log in as local admin, we can join the domain from the client, provided that you can supply an administrator username and password on the domain. We can delete the existing computer account in Server Manager, recreate the computer account, synchronize
    the domain, and then on the client rejoin the domain.
    For details, you can refer to: Trust Relationship Between Workstation and Domain Fails
    http://support.microsoft.com/kb/162797
    If this doesn’t work, we could use the command netdom reset 'machinename' /domain:'domainname'
    to reset the member security channel.
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • TF215097: An error occurred while initializing a build for build definition : Could not establish trust relationship for the SSL/TLS secure channel

    Hello,
    We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML.  It seems to me that some certificate
    might be invalidated. Can anyone please point me in the right direction? 
    Thanks, 
    Mitul
    TF215097: An error occurred while initializing a build for build definition :
    Exception Message: One or more errors occurred. (type AggregateException)
    Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
    at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
    at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
    at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
    Inner Exception Details:
    Exception Message: An error occurred while sending the request. (type HttpRequestException)
    Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
    at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
    Inner Exception Details:
    Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
    Inner Exception Details:
    Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
    Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

    Hi Mitul,
    Thanks for your reply.
    It’s strange: if your old build definitions work using the same TFS Build Server, that indicates your TFS Server configuration is correct and can work. But only the new build definition with the default TfvcTemplate.12.xaml template cannot build successfully.
    Please share your TFS Server detailed environment information here. And share a screenshot of your Build Service Properties dialog here.
    Try to clean the cache for TFS 2013 manually (delete the content of the folder only, not the cache folder itself):
    Clean the Cache folder on the server machine. The folder path is:
    C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.
    After cleaning, on the server machine, click Start and select Run… to open the dialog box, then input iisreset.exe and click OK, and wait for it to run completely.
    Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
    This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    server is configured on http port 80 
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
    according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able browse following site from WSUS server
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet proxy server on the particular port (8080) and that is also fine.
    I have doubts about the certificates; any idea which certificates we need to look at? And if a certificate is expired then (my guess) we won't be able to open the above-mentioned Windows Update Catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)

    Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
    (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
    My guess (this is my best guess ;)) is that this has something to do with the firewall or proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to the proxy/firewall team. From their perspective, all the required port communication is open and
    the proxy server is also reachable. Moreover, we're able to access the internet (Microsoft Update Catalog site) over the same port (8080).
    Any other hints on how I can prove to them that it's a sure-shot problem on their side?
    Thanks again !!
    Anoop C Nair (My Blog www.AnoopCNair.com)

  • Office Web Apps 2013 + could not establish trust relationship

    We currently have a three tier SharePoint 2013 Farm:
    1. Web Front End Server (Server 2008 R2 Enterprise) - Servername: TEST2SP013.domain.dom
    2. Central Admin Server (Server 2008 R2 Enterprise) - Servername: TEST2SPCA013.domain.dom
    3. SQL Server (Server 2012 Datacenter) - Servername: TESTSQL012.domain.dom
    All Machines are in the same IP/Subnet.
    We are trying to setup a new server (Server 2012 R2 Datacenter) (Servername: TEST022.domain.dom) to run Office Web Apps 2013 in our TEST environment to test the system before rolling in production and have had issues throughout the entire process.
    The technet articles we have used are:
    http://technet.microsoft.com/en-us/library/jj219435.aspx
    http://technet.microsoft.com/en-us/library/ff431687.aspx
    http://technet.microsoft.com/en-us/library/jj219627.aspx
    We finally have what I thought was a correct setup but anytime we try to edit or view a word, excel, powerpoint document within SharePoint 2013, we receive "Sorry, there was a problem and we can't open this document. If this happens again, try opening
    the document in Microsoft Word."
    We found a few How-To Setup Office Web Apps sites where other people provided step-by step instructions:
    blogs.msdn.com/b/sowmyancs/archive/2012/10/29/install-configure-amp-monitor-office-web-apps-2013-for-sp-2013.aspx
    http://www.wictorwilen.se/office-web-apps-2013-securing-your-wac-farm
    http://blogs.technet.com/b/justin_gao/archive/2013/06/30/configuring-office-web-apps-server-communication-using-https.aspx
    We reviewed the ULS logs and found the following error:
    02/14/2014 13:38:40.24  w3wp.exe (0x1C04)                        0x1BB4 Office Web Apps              
     WAC Hosting Interaction        adhsk Unexpected WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException:
    No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate
    is invalid according to the validation procedure.     at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)     at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)     --- End of
    inner exception stack trace ---     at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)     at Microsoft.Office.Web.Apps.Common.Ht... 7bed0d51-511d-4541-a059-e2f72942e617
    None of the articles provides specific step-by-step instructions for using HTTPS in a test environment, specifically when it comes to self-signed certs through Active Directory Certificate Services.
    We tried creating a Self-Signed Cert through IIS on the Office Web Apps Box which did not work.
    We tried creating a Cert through Active Directory Certificate Services which did not work.
    We tried adding the Cert through Central Admin > Security > Manage Trust which did not help.
    We verified "get-spwopizone" is set to internal-https
    We can access the Web Apps https://test022/hosting/discovery site and view the XML with no issue on any machine on our network.
    We added our domain to the list of approved domains that can use Office Web Apps as well as add "Domain Users" as the security group that can "EDIT" Office Documents through Office Web Apps. 
    After each step, we tried performing either a system reboot or IIS Reset on the Office Web Apps and WFE box.
    My Question is how do we generate a certificate (either self-signed through IIS on the Office Web Apps Box or through AD) that will allow this application to work? I read that the Fully Qualified Domain Name needs to be in the SAN field of the Cert but when
    we request it, I have no way of entering this information. I tried following http://technet.microsoft.com/en-us/library/ff625722 to manually request a certificate with a Custom SAN but that did not work either.
    I am assuming the certificate issue is with the New Office Web Apps box. Is this correct?
    -Chris

    If it is an internal cert, then you will have to add the certificate from OWA to the trusted certificates on each SharePoint server, plus add the certificate from Central Admin in SharePoint through Manage Trust. Also, you will need to install the p7b file (the file that contains
    the path to the root certificate to verify each intermediate certificate) for the internal cert on each SharePoint server to avoid the certificate error.
    sachin

  • Windows 7: Trust Relationship Error - Local Administrator Account Locked.

    I have 2 Windows 7 Professional machines that recently locked me out citing the "Trust Relationship between this workstation and primary domain failed".
     I assumed all I would have to do is log in as local administrator and remove it from the domain and then re-add it.  When I tried to log on, it told me that the password was incorrect - which I knew it wasn't.  After a
    few tries I got a different message that said that the account was locked.  No idea how this could have happened.  Every other local account was locked as well.
    I checked the AD on our 2003 server and I didn't see anything out of the norm.  The computers were in the correct OU, and were not disabled in anyway.  I searched online for a solution, but they all required me to be able to log on to the local
    admin, which is disabled.  
    I tried to boot to Safe Mode with a Command Prompt and typed in: net user administrator /active:yes .
     It told me that the change had been made, but when I reboot it still shows the local account as disabled.
    Any suggestions would be greatly appreciated.  
    Edit: It is Windows 7 Professional x64 

    I have had this issue twice as well. However, I have always been able to log in with local admin rights. Removing then rejoining to the domain never seems to get things back to normal for me. Once it is reset and joined back to the domain, all software just seems to be missing but still there at the same time. For example, antivirus shows it's installed in c:\program files but it's not running. If I go to the domain user's start menu everything is missing, but go into c:\program files and it's all there. So every time I have seen this error, a reimage is what I do; it seems to work a lot better than dealing with the headaches. Sorry I was not any help, but that is my two cents.

  • Trust Relationship Failed after Upgrading Surface Pro to Win 8.1

    I upgraded a Surface Pro to Windows 8.1 a few days ago. After the upgrade we are getting an error that says that "the trust relationship between this workstation and the primary domain failed". The Surface was joined to a Windows Server 2012 Essentials
    domain network before upgrading to Win 8.1.
    I brought the tablet back to my own office which is off the DC network and now it logs in without any problem, obviously using Cached Credentials.
    I found this blog post but I couldn't determine how it applies to my specific case. I do have a local Administrator's account that I can access.
    What could be causing this problem and what steps should I take to resolve it?

    I had someone else have a similar issue with a PC, not a Surface, and the solution was to disjoin it from the domain and rejoin it. I think that the upgrade process doesn't seem to retain all the settings correctly, as my colleague lost some other stuff too during the upgrade. I've not tested it myself so can't really comment - but disjoin and rejoin should resolve the issue you are having. (I'm not sure why the person on the blog advises against this, as although there are other ways as mentioned, I've never had much success, whereas disjoin and rejoin fixes it pretty quickly.) Maybe others will share their thoughts on this.
    Regards,
    Denis Cooper
    MCITP EA - MCT

  • Domain Trust Relationships in Windows Small Business Server 2011

    I have seen that SBS 2011 (and older SBS versions, apparently) do not 'support' Domain Trust relationships.
    Before coming across this information, I had already successfully created a trust relationship between a newly created SBS 2011 domain and an existing 2008 domain, and everything seems to be working fine - users from one domain are recognized on the other, etc.
    So I was wondering - is the 'not supported' more of a 'you're on your own if it breaks', is this a violation of the license, or is it some sort of freak occurrence and I am extremely lucky to have gotten this to work? This is actually my first time setting up a trust relationship and the entire process took about 10 minutes, so it seemed extremely easy for something that I now find out is unsupported.
    If it is a license violation, I'll remove the trust relationship immediately. This is not a permanent configuration, just testing our software on the SBS 2011 platform, and domain trusts were the most expedient way of adding the SBS domain users to the list of authorized users on our primary domain's SQL Server.
    Thanks in advance.

    From here, it says that the trust relationship is not supported for SBS: http://technet.microsoft.com/en-us/library/cc672124%28v=ws.10%29.aspx
    This means that this has not been tested by Microsoft, and if you have issues, you will not get support from Microsoft.
    I don't think that this is a violation of the license, but it would be better to check with a Microsoft licensing expert in your country.
    You can also ask them here: http://social.technet.microsoft.com/Forums/en-US/category/sbsserver
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  • SSRS Report Server Could not establish connection. The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel

    Hi
    Had to un-install and then re-install MS SQL Server 2012 with SSRS.
    After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices tab. We also do a similar exercise on the ReportServer page.
    Any help warmly welcomed :D
    Thanks

    Hi Rich Whight,
    According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access the Web Service URL, but when you tried to access the Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel.
    The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, please refer to the steps below:
    1. In the RsReportServer.config file (default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the "SecureConnectionLevel" element value from 0 to 3.
    2. Add the correct value to the <UrlRoot> element.
    3. Add the same value to the <ReportServerUrl> element as in step 2.
    4. Go to the Microsoft Management Console and add the certificate which you use to access the report server under "Trusted Root Certification Authorities".
    For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
    http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
    http://technet.microsoft.com/en-us/library/cc754841.aspx
    If you have any more questions, please feel free to ask.
    Best Regards,
    Wendy Fu

  • Error 12703 VMM cannot establish a trust relationship SSL/TLS V2V

    Issue with V2V in VMM. I thought I'd share this one. On a customer site doing a number of V2Vs and P2Vs via VMM. On the V2V it would create the object then fail with the message below, where %ServerName is one of the Hyper-V hosts:
    12703 VMM cannot establish a trust relationship for the SSL/TLS secure channel for %ServerName; server. Install the certificate to the trusted people root store of the VMM server and then try the operation again.
    After much digging and testing I found it was an issue with VMM talking to the ESX host. Nothing to do with certs or the Hyper-V hosts. I've worked round this issue by migrating the VM onto another ESX host. The ESX environment is going to be decommissioned anyway.
    Hope this helps someone out there.

    Please let us know if you are using SharePoint to communicate with an external service via HTTPS.
    Please try performing the following steps:
    Fix is to setup a trust between SharePoint and the server requiring certificate validation.
    In SharePoint Central Administration site, go to “Security” and then “Manage Trust”.  Upload the certificates to SharePoint.  The key is to get both the root and subordinate certificates on to SharePoint.
    The steps to get the certificates from the remote server hosting the WCF service are as follows:
    1.  Browse from IE to the WCF service (e.g., https://remotehost/service.svc?wsdl)
    2.  Right click on the browser body and choose “Properties” and then “Certificates” and then “Certificate Path”.
    This tells you the certificate chain that's required by the other server in order to communicate with it properly. You can double-click on each level in the certificate chain to go to that particular certificate, then click on the "Details" tab and "Copy to File" to save the certificate with the default settings.
    As an example, get both VeriSign & VeriSign Class 3 Extended Validation SSL CA.
    reference : http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
    Thanks, ShankarSingh(MCP)

  • Set-IRMConfiguration failed with error "Could not establish trust relationship for the SSL/TLS secure channel."

    Hi, experts 
    I'm trying to configure a lab environment according to the tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
    After completing the configuration, I executed the cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but got this error:
    The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
    ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
    94/_wmcs/certification/server.asmx.
        + CategoryInfo          : InvalidOperation: (:) [Set-IRMConfiguration], Exception
        + FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
    Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
    Results : Checking Exchange Server ...
                  - PASS: Exchange Server is running in Enterprise.
              Loading IRM configuration ...
                  - PASS: IRM configuration loaded successfully.
              Retrieving RMS Certification Uri ...
                  - PASS: RMS Certification Uri: https://server1/_wmcs/certification.
              Verifying RMS version for https://server1/_wmcs/certification ...
                  - WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
              hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
               or AD RMS on Windows Server 2008 R2.
              Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
              //server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
              ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
              n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
                 at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
              Request, Exception exception)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
              est asyncRequest)
                 at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
              ct state)
                 at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                 at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.ConnectStream.WriteHeaders(Boolean async)
                 --- End of inner exception stack trace ---
                 at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
                 at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
              uests)
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 --- End of inner exception stack trace ---
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
              rviceType serviceType)
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
              OVERALL RESULT: PASS with warnings on disabled features
    From the error message, this issue seems to be related to the SSL/TLS connection. So I went back to check the configuration and found a difference from the tutorial. The current SCP URL is https://server1/_wmcs/certification, but in the tutorial it is https://server1:433/_wmcs/certification.
    In my opinion, I don't think it is the real reason.
    So, how can I resolve this error? Could you give me some suggestions? Thanks in advance.
    System Info:
    Windows Server 2008 R2 + Exchange Server 2010 SP3 RTM

    Hi
    Please have a try with the solution on this KB article
    “Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
    http://support.microsoft.com/kb/954584/en-us
    Cheers
    Zi Feng
    TechNet Community Support
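
The Office Web Apps, SSRS, SharePoint and IRM threads above all end in the same .NET error, which hides whether the name in the URL is missing from the certificate or the chain is not trusted. The following diagnostic is an added example, not code from any of the posts; the function name `Get-TlsTrustReport` is hypothetical and `server1` is taken from the IRM question.

```powershell
# Added example (requires PowerShell 3.0 or later). Diagnostic use only: the
# callback accepts every certificate so the handshake completes and the result
# can be inspected. Never reuse this callback in production code.
function Get-TlsTrustReport {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # exactly the name used in the failing URL
        [int] $Port = 443
    )
    $state = @{}
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($source, $cert, $chain, $errors)
        # Record what the .NET validation procedure decided.
        $state.Errors = $errors
        $state.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cert
        $state.Status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $state.Chain  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        return $true
    }.GetNewClosure())

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $callback
        $ssl.AuthenticateAsClient($HostName)
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    if (-not $state.Cert) { throw "No certificate received from ${HostName}:$Port" }

    # Subject Alternative Name extension (OID 2.5.29.17); the formatted text is localized.
    $san = $state.Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        RequestedName  = $HostName
        Subject        = $state.Cert.Subject
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        NotAfter       = $state.Cert.NotAfter
        # True: the name in the URL (for example a short name) is not in the certificate.
        NameMismatch   = [bool]($state.Errors -band $flags::RemoteCertificateNameMismatch)
        # True: see ChainStatus. UntrustedRoot means the root CA is missing from
        # Trusted Root Certification Authorities; PartialChain means an
        # intermediate certificate is missing.
        ChainErrors    = [bool]($state.Errors -band $flags::RemoteCertificateChainErrors)
        ChainStatus    = $state.Status -join ', '
        Chain          = $state.Chain
    }
}

# Usage, run from the server that reports the error:
# Get-TlsTrustReport -HostName 'server1' | Format-List
```

Run it from the machine that raises the error (the Exchange, SharePoint or report server), because the trusted root store being evaluated is that machine's own.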

  • The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    I tried to redeem a digital download copy of a movie and was presented the following error: 
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    Any guesses on what it is and how to resolve it?
    Thanks

    Hi Abhilash Francis,
    Could you tell us your scenario? What's your project? Is it a WCF service?
    Looks like this is not a code issue.
    Just from the error information, it seems that you did not configure the service certificate very well, so the server was unable to process the request.
    I am not completely sure what the real scenario is, but the problem might be that it is a WCF services application; please check the following articles to configure the service certificate.
    If not, please feel free to let me know.
    How to: Configure an IIS-hosted WCF service with SSL
    Could not establish trust relationship for the SSL/TLS secure channel
    Hope this helps.
    Best regards,
    Kristin

  • Security database on the server doesn't have a computer account for this workstation trust relationship

    Hi,
    On our Windows Server 2008 R2 Standard, we are facing this error "Security database on the server doesn't have a computer account for this workstation trust relationship" on a regular basis. We have done the steps mentioned below to solve the issue:
    1. Disjoined the system from the domain and joined it again.
    2. Tested the computer secure channel connection.
    3. Checked the DNS settings of the server.
    4. Checked whether the computer account in AD is disabled or not.
    Everything was ok but after doing changes again after 2 - 3 days we are facing same error message.
    Please help to sort the issue on an urgent basis. 

    When the error happens, can you check the computer account in your AD console (with advanced features turned on), to check the date it was updated and whether the SID is the same? (objectSID and pwdLastSet)
    I guess someone tries to domain join a computer with the same name, and flushes your computer account at the same time.
    Regards, Philippe
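
The check suggested in the reply above (compare objectSID and pwdLastSet of the computer account before and after the error returns) can be scripted. This is an added example, not code from the thread; the function names are hypothetical, `Get-ADComputer` needs the ActiveDirectory module (RSAT), and the two sample snapshots at the end are constructed values.

```powershell
# Added example (PowerShell 3.0 or later).
function Get-ComputerAccountSnapshot {
    param([Parameter(Mandatory)] [string] $ComputerName)
    $c = Get-ADComputer -Identity $ComputerName -Properties pwdLastSet, whenCreated, whenChanged
    [pscustomobject]@{
        Name            = $c.Name
        ObjectSid       = $c.SID.Value
        WhenCreated     = $c.whenCreated
        WhenChanged     = $c.whenChanged
        # pwdLastSet is stored as a Windows file time (100 ns ticks since 1601-01-01 UTC).
        PasswordLastSet = [datetime]::FromFileTimeUtc($c.pwdLastSet)
        Enabled         = $c.Enabled
    }
}

function Compare-ComputerAccountSnapshot {
    param([Parameter(Mandatory)] $Baseline, [Parameter(Mandatory)] $Current)
    $findings = @()
    if ($Baseline.ObjectSid -ne $Current.ObjectSid) {
        # A new SID means the old account object was deleted and a new one created.
        $findings += "objectSid changed: account was recreated on $($Current.WhenCreated)"
    } elseif ($Baseline.PasswordLastSet -ne $Current.PasswordLastSet) {
        # Same object, new password: either the machine's own scheduled change
        # or a reset or join performed by another computer using this name.
        $findings += "pwdLastSet changed to $($Current.PasswordLastSet): account password was reset"
    }
    if (-not $Current.Enabled) { $findings += 'account is disabled' }
    if (-not $findings) { $findings += 'no change in objectSid or pwdLastSet' }
    $findings
}

# Constructed sample snapshots (not real data): same name, different SID.
$before = [pscustomobject]@{ Name = 'SERVER01'; Enabled = $true
    ObjectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
    WhenCreated = [datetime]'2014-01-10'; PasswordLastSet = [datetime]'2014-03-01' }
$after = [pscustomobject]@{ Name = 'SERVER01'; Enabled = $true
    ObjectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1342'
    WhenCreated = [datetime]'2014-03-20'; PasswordLastSet = [datetime]'2014-03-20' }
Compare-ComputerAccountSnapshot -Baseline $before -Current $after

# Real use (SERVER01 is a placeholder name):
#   Get-ComputerAccountSnapshot SERVER01 | Export-Clixml .\SERVER01-baseline.xml
#   ...when the error returns:
#   Compare-ComputerAccountSnapshot (Import-Clixml .\SERVER01-baseline.xml) (Get-ComputerAccountSnapshot SERVER01)
#   Test-ComputerSecureChannel -Verbose    # run on the affected server itself
```

If pwdLastSet moved while `Test-ComputerSecureChannel` on the affected server returns False, the password was changed by something other than that server.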
