Lately users have been getting the following error when accessing a WCF service that uses Windows authentication.
"The trust relationship between the primary domain and the trusted domain failed."
Not all users are getting this error, even though they all belong to the same domain.
Trying to find a solution, I came up with three options:
- Remove any inactive trusted domains from Active Directory
- In the local security policy of the server change the cache value of the “Interactive Logon: Number of previous logons to cache” to 0 (zero)
- Change the unhandled exception policy back to the default behavior of previous .NET Framework versions.
As we needed a quick fix, the tech guys picked the last option and added the following lines to the Aspnet.config in the %WINDIR%\Microsoft.NET\Framework\v2.0.50727 directory:
<legacyUnhandledExceptionPolicy enabled="true" />
After restarting the server the users could once again access the service.
I believe the second option of disabling the logons cache would be a better solution, but that one is yet to be tested.
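To see which of the settings above are currently in effect on a server, a read-only check such as the following can be run; it is an added example, not part of the original post. The registry value name `CachedLogonsCount` and the `Framework64` directory are not mentioned in the post and are assumptions about where these settings live on the server.

```powershell
# Added example: report the logon-cache and exception-policy settings (read-only).

# Option 2: "Interactive logon: Number of previous logons to cache" is stored
# as the string value CachedLogonsCount under the Winlogon key (assumed name).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$prop = Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue
if ($prop) {
    "CachedLogonsCount: {0}" -f $prop.CachedLogonsCount
} else {
    "CachedLogonsCount: not set (Windows default applies)"
}

# Option 3: look for legacyUnhandledExceptionPolicy in Aspnet.config.
# Framework is the directory from the post; Framework64 is an assumption
# for 64-bit servers.
foreach ($fw in 'Framework', 'Framework64') {
    $file = Join-Path $env:WINDIR "Microsoft.NET\$fw\v2.0.50727\Aspnet.config"
    if (-not (Test-Path $file)) {
        "{0}: file not found" -f $file
        continue
    }
    try {
        $xml = [xml](Get-Content -Path $file)
    } catch {
        "{0}: could not be parsed as XML" -f $file
        continue
    }
    $node = $xml.SelectSingleNode('//legacyUnhandledExceptionPolicy')
    if ($node -and $node.GetAttribute('enabled') -eq 'true') {
        # With the legacy policy on, unhandled exceptions on worker threads no
        # longer end the process, so the trust failure itself can still occur.
        "{0}: legacy unhandled exception policy ENABLED" -f $file
    } else {
        "{0}: default unhandled exception policy" -f $file
    }
}
```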