Slickrc23-6900 asked:

Azure AD Domain Services Resource Forest Trust Error

I'm trying to establish a trust between my on-premises domain and an Azure AD Domain Services managed domain.

The on-premises side has added forwarders for both machine IPs and added the trust to the DC.

On the AADDS side after adding the trust information I am getting the following alert:

There is a problem with the trust for domain <mydomain>. Error: The security database on the server does not have a computer account for this workstation trust relationship.

Any advice or solution?


Thank you



Tags: windows-active-directory, azure-ad-domain-services

@Slickrc23-6900 Where are you getting this error? What is the OS version of your domain controller? You might be getting this error because of the Security Update KB3134228, as it is necessary to install this patch on domain controllers.
Also, try removing the computer from the domain and re-adding it.


This error displays in the Azure portal in the overview pane of my Azure Domain Services.

[Attached screenshot: aadds-trust-error.png]



@Slickrc23-6900 Have you tried removing and rejoining the machine? I suggest you open a support ticket if this doesn't resolve your issue. Please let me know if you have any limitation on opening a support ticket and I will open a one-time free support ticket for you.

Thameur-BOURBITA answered (edited):

Hi

For this kind of issue, rejoining the machine to the domain can fix it.

You can also try to reset the secure channel password:
https://devblogs.microsoft.com/scripting/use-powershell-to-reset-the-secure-channel-on-a-desktop/

Please don't forget to mark this reply as the answer if it helps you to fix your issue.


DaisyZhou-MSFT answered:

Hello @Slickrc23-6900,

Thank you for posting here.

We can check prerequisites based on the information in the following link and establish trust as below:

  1. Prerequisites

  2. Sign in to the Azure portal

  3. Configure DNS in an on-premises AD DS environment to support Azure AD DS connectivity

  4. Create a one-way inbound forest trust in an on-premises AD DS environment

  5. Create a one-way outbound forest trust in Azure AD DS

  6. Test and validate the trust relationship for authentication and resource access


For more information, we can refer to the following link.
Tutorial: Create an outbound forest trust to an on-premises domain in Azure Active Directory Domain Services
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-forest-trust

Other information for your reference.
Tutorial: Create and configure an Azure Active Directory Domain Services managed domain with advanced configuration options
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance-advanced

Hope the information above is helpful.


Best Regards,
Daisy Zhou

Slickrc23-6900 answered:

Thank you for the response. I have followed all guidance by the documentation and get the error in Azure AD Domain Services alert/overview:

There is a problem with the trust for domain <mydomain>. Error: The security database on the server does not have a computer account for this workstation trust relationship.


Hello

We can run the following commands on both local DC and Azure DC.

On local DC

nslookup Azuredomain.com
nslookup AzureDcName.domain.com
nslookup IP of Azure DC

ping Azuredomain.com
ping AzureDcName.domain.com
ping IP of Azure DC


On Azure DC

nslookup Localdomain.com
nslookup LocalDcName.domain.com
nslookup IP of local DC

ping Localdomain.com
ping LocalDcName.domain.com
ping IP of local DC

For example:
[Attached screenshots: ping1.png, ping2.png]

Check if all the nslookup and ping work fine.



Best Regards,
Daisy Zhou



Hello @Slickrc23-6900,

Good day!

Would you please tell me how things are going on your side? If you have any questions or concerns about the information I provided, please don't hesitate to let us know.

Again thanks for your time and have a nice day!


Best Regards,
Daisy Zhou


Hello this was resolved by adding the proper conditional forwarders on the domain side.

Thank you.

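The nslookup/ping checks suggested above and the fix that resolved the thread (conditional forwarders on the on-premises side) can be scripted from the on-premises DC. The following is an added example, not code from the thread or from Microsoft; the managed domain name and the two managed-domain DC IPs are placeholders to replace with the values shown in the Azure portal.

```powershell
# Added example: verify that this on-premises DC can find the Azure AD DS managed domain
# over DNS before (re)creating the forest trust. Run in an elevated session on the DC.
# Placeholder values -- replace with your own:
$AaddsDomain = 'aaddscontoso.com'            # managed domain name (placeholder)
$AaddsDnsIps = @('10.0.1.4', '10.0.1.5')     # managed-domain DC IPs from the portal (placeholder)

# 1. Make sure a conditional forwarder for the managed domain exists on this DNS server.
#    Without it, lookups for the managed domain go to the default forwarders (e.g. the
#    Internet) and the trust cannot locate a DC on the other side.
$zone = Get-DnsServerZone -Name $AaddsDomain -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerConditionalForwarderZone -Name $AaddsDomain `
        -MasterServers $AaddsDnsIps -ReplicationScope 'Forest'
    Write-Host "Created conditional forwarder for $AaddsDomain"
} elseif ($zone.ZoneType -ne 'Forwarder') {
    Write-Warning "Zone $AaddsDomain exists but is a $($zone.ZoneType) zone, not a conditional forwarder."
}

# 2. Resolve the names a trust relies on: the domain itself and the DC locator SRV records.
Resolve-DnsName -Name $AaddsDomain -Type A |
    Select-Object Name, IPAddress
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AaddsDomain" -Type SRV |
    Where-Object QueryType -eq 'SRV' |
    Select-Object Name, NameTarget, Port

# 3. ICMP alone does not prove the trust will work; test the TCP ports a forest trust uses.
#    (The dynamic RPC range is not covered here.)
foreach ($ip in $AaddsDnsIps) {
    foreach ($port in 53, 88, 135, 389, 445, 464, 636) {
        $r = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0}:{1,-4} {2}' -f $ip, $port, $state
    }
}

# 4. Ask the DC locator to find a DC in the managed domain, then list the trusts this
#    forest currently knows about; the managed domain should appear once the trust is in place.
nltest /dsgetdc:$AaddsDomain
nltest /domain_trusts /all_trusts
```

If step 4 fails while steps 1 to 3 succeed, the problem is on the trust objects themselves rather than in name resolution or network reachability.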

Hello @Slickrc23-6900

Thank you for your update. I am so glad that the issue was resolved.

As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!

Have a nice day!


Best Regards,
Daisy Zhou
