If a firewall is in-between the domains, have the firewall logs been checked to see if anything is getting blocked / dropped?
Event 3210 & 5722 on Trust Relationship between two domains
Hi all,
We have had a problem for two days between the DCs of two of our domains.
We are getting some NETLOGON events that say the servers can't be authenticated on the other domain (another computer is already known ....)
And I don't see how we can solve it without deleting the relationship and recreating it. But if we do that, I guess we could lose all access rights on shared folders or certificates provided from one domain to the other.
Currently, we can add access rights for users in each domain, but we can't provide certificates for a specific application that we need.
When I tried to validate the trust relationship, the wizard told me that we need to update the secure channel password, but it failed because of access denied and because it said that another computer...
Does anyone have a solution for us? I only find solutions to repair the secure channel for computers in the same domain, but not between two domains (and domain controllers).
Limitless Technology 45,026 Reputation points
2022-05-27T07:26:04.4+00:00
Hello
Thank you for your question and reaching out. I can understand you are having issues related to replication between DCs.
- Please try to check (from PowerShell) Test-ComputerSecureChannel and if it returns False then attempt a repair: Test-ComputerSecureChannel -Repair
- Please try to disable any antivirus program or Windows firewall you may have, temporarily.
- Please verify that date and time are synced on both DCs.
- Please download the AD Replication Status tool and verify that AD health is good.
https://www.microsoft.com/en-in/download/details.aspx?id=30005
- Run dcdiag and repadmin /syncall to retry AD replication.
--If the reply is helpful, please Upvote and Accept as answer--
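The steps in the answer above, gathered into one diagnostic script that separates the local machine's secure channel (what Test-ComputerSecureChannel covers) from the inter-domain trust secure channel (what the trust wizard validates). This is an added example, not code from the answer or from Microsoft; the domain and DC names are placeholders, and it assumes it is run elevated on a DC of the trusting domain with the ActiveDirectory module available.

```powershell
# Added diagnostic script (not from the answer above). Run elevated on a DC of the
# trusting domain. The two names below are assumptions; replace them with yours.
$TrustedDomain = 'partner.example'        # assumed: DNS name of the other domain
$RemoteDc      = 'dc1.partner.example'    # assumed: a DC in the other domain

# 1. The symptom: NETLOGON 3210 / 5722 events from the last three days.
#    -ErrorAction keeps Get-WinEvent quiet when no matching events exist.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 3210, 5722
        StartTime    = (Get-Date).AddDays(-3)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# 2. This computer's own secure channel to its own domain. A True here does not
#    say anything about the trust with the other domain, only about this host.
Test-ComputerSecureChannel -Verbose

# 3. Trust objects as this domain sees them (direction, type, transitivity).
Import-Module ActiveDirectory
Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive

# 4. The inter-domain trust secure channel itself. On a DC, nltest queries the
#    channel to the trusted domain rather than this machine's account channel.
nltest /sc_query:$TrustedDomain
nltest /sc_verify:$TrustedDomain

# 5. Clock offset to a DC of the other domain; Kerberos rejects skew over 5 minutes
#    by default, which would also surface as authentication failures.
w32tm /stripchart /computer:$RemoteDc /samples:3 /dataonly

# 6. Verify the trust with netdom using credentials from the other domain
#    (prompts for the password). The same command with /reset instead of /verify
#    re-establishes the trust secure channel without deleting the trust.
netdom trust $env:USERDNSDOMAIN /d:$TrustedDomain /verify /ud:"$TrustedDomain\Administrator" /pd:*
```

Run steps 1 through 5 before changing anything; if step 4 fails while step 2 succeeds, the problem is the trust channel, not the DC's machine account, which matches the later reply in this thread. Step 6 with /reset is the repair that keeps existing trust ACLs intact.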
AxLL 1 Reputation point
2022-05-27T08:03:59.833+00:00
Hi both,
Both ADs are in the same room and don't have any firewall in between.
No change on the antivirus, and the trust relationship worked fine for one year or more. About Test-ComputerSecureChannel, I already tried this; it works fine on the BDC of each domain, but not on the primary. But I read this is normal and that this command only indicates the status with your own domain controller, not the trust relationship between two domains.
Date and time are the same on each DC of both domains.
For dcdiag and repadmin, it's the same as Test-ComputerSecureChannel: only for the trust relation within the same domain, not for the trust relationship between two domains.
The AD Replication Status tool is cool, I didn't know it, but I'm not in the same forest and it doesn't check the relationship.
AxLL 1 Reputation point
2022-05-30T09:59:55.797+00:00
Hello All,
So, today, everything is working... and I didn't do anything...