Compartilhar via


Quick Solution 2 : The trust relationship between the primary domain and the trusted domain failed

Error Message 

[OWSTIMER][ProfileDatabaseSequence] [ERROR] [4/5/2011 10:45:25 AM]: Action 14.0.17.0 of Microsoft.Office.Server.Upgrade.ProfileDatabaseSequence failed.
[OWSTIMER] [ProfileDatabaseSequence] [ERROR] [4/5/2011 10:45:25 AM]: Exception:The trust relationship between the primary domain and the trusted domain failed.
[OWSTIMER] [ProfileDatabaseSequence] [ERROR] [4/5/2011 10:45:25 AM]: at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)
at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
at Microsoft.Office.Server.Upgrade.UserProfileAclUpgrader.DoUpgrade()
at Microsoft.Office.Server.Upgrade.ProfileDatabaseAction.Upgrade()
at Microsoft.SharePoint.Upgrade.SPActionSequence.Upgrade()
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:Begin Rollback()
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:End Rollback()
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:Begin Dispose()
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:End Dispose()
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:SQL Query Count=8
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:SPRequest Objects=4
[OWSTIMER] [UserProfileAclUpgrader (14.0.17.0)] [DEBUG] [4/5/2011 10:45:25 AM]:Execution Time=598.815491913078
[OWSTIMER] [SPUpgradeSession] [ERROR] [4/5/2011 10:45:25 AM]: Upgrade [ProfileDatabase Name=SharedService00_UserProfile_43a8a0e5322149d...] failed.
[OWSTIMER] [SPUpgradeSession] [ERROR] [4/5/2011 10:45:25 AM]: Inner Exception:The trust relationship between the primary domain and the trusted domain failed.

 

Causes 

While upgrading from SharePoint Server 2007 to SharePoint Server 2010, the upgrade process will check the user permissions for personalization. In the verification, the upgrade process gets each account’s SID from the database, and then tries to translate it to NTAccount.

The general steps are:

  1. The upgrade process get all Shared Service Provide(SSP) user permissions' settings for personalization from the SSP database using stored procedure dbo.proc_MIP_GetObject(You could use parameter 1F4CF7D3-51DC-49CB-8A5B-E05C5EAF318A to execute the stored procedure)

    The returned ACEs should be like:   < ?xml version="1.0" encoding="utf-16"?> < Acl> < Ace IdentityName="NIHAO\administrator" DisplayName="NIHAO\administrator" SID="AQUAAAAAAAUVAAAAPrara24ehw3RvYe99AEAAA==" Rights="63" /> < Ace IdentityName="NT AUTHORITY\Authenticated Users" DisplayName="NTAUTHORITY\Authenticated Users" SID="AQEAAAAAAAULAAAA" Rights="3" /> < Ace IdentityName="NTAUTHORITY\NETWORK SERVICE" DisplayName="NT AUTHORITY\NETWORK SERVICE" SID="AQEAAAAAAAUUAAAA" Rights="63" /> < /Acl>

  2. The upgrade process uses the SID from the returned ACEs to translate the account to NTAccount using method TranslateToNTAccounts.

 

If the SID is invalid, the translation will fail, and you may encounter the error as shown in the error message. 

Solutions 

To fix the issue, please follow these steps:

  1. Open the SSP
  2. Click the "Personalization services permissions"
  3. Remove the user or group that is invalid

 

In order to confirm which account caused the issue, you can use the following code:

 SecurityIdentifier identity = new SecurityIdentifier(Convert.FromBase64String("<SID got from the database>"), 0);
 
 string str = ((NTAccount)identity.Translate(typeof(NTAccount))).ToString();
 

Comments

  • Anonymous
    August 26, 2014
    I have same error on SharePoint 2013 platform. Can you tell me how exactly I need to find those SIDs...
  • Anonymous
    July 29, 2015
    I am having the same error while upgrading from sharepoint 2010 to SharePoint 2013, there is no SSP in SP2013 anymore, how can we remove a user?