Forum Discussion
Björn Stahlberg
Feb 10, 2018, Copper Contributor
Trust relationship failed - Cannot logon to Azure VM with domain or local user
Hi,
so we've got 3 VMs. A domain controller and 2 ADFS servers in Azure. For unknown reasons, the trust relationship failed between the two ADFS servers and the domain. I therefore cannot logon...
Feb 10, 2018
Well, the only thing I can think to mention is that you could consider 2 DCs in an availability set. Perhaps your single DC experienced a crash. Have you created a new site topology for Azure in your AD DS configuration? If you need to recover the VMs, I would suggest using nested virtualization in another VM.
Azure recommends the following: Create a separate virtual data disk for storing the database, logs, and SYSVOL for Active Directory. Do not store these items on the same disk as the operating system. Note that by default, data disks that are attached to a VM use write-through caching. However, this form of caching can conflict with the requirements of AD DS. For this reason, set the Host Cache Preference setting on the data disk to None. For more information, see Placement of the Windows Server AD DS database and SYSVOL.
Deploy at least two VMs running AD DS as domain controllers and add them to an availability set.
Björn Stahlberg
Feb 12, 2018, Copper Contributor
We double-checked all the settings and services and weren't able to identify any issues. However, after restarting the domain controller in Azure and then restarting both ADFS machines, we were able to log in via RDP with a local admin account. To me it seems like some service on the domain controller did not work as intended. Unfortunately we were not able to track this down any further.
Kent Gaardmand
Feb 12, 2018, Steel Contributor
One thing you may want to consider; it happens to me often. Windows has the "network awareness service", which determines the firewall profile. If the DC or the ADFS server is unable to contact a valid AD DS DNS server, the profile may go to Public. I like to delay the startup of this service on my AD DS servers; for unknown reasons it sometimes fails to validate its location if I don't.
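The checks below are an added example and are not code posted by anyone in this thread. They put the two diagnoses above (Björn's broken trust relationship that cleared after a DC restart, and Kent's firewall profile flipping to Public when the "network awareness service" cannot reach a domain DNS server) into a single triage script for the affected ADFS member server. It assumes the service Kent means is Network Location Awareness (service name NlaSvc), that the domain name can be read from the machine's own configuration, and that it is run in an elevated Windows PowerShell 5.1 session as a local administrator.

```powershell
# Added triage example (not from the thread). Run elevated on the member server
# that reports "The trust relationship between this workstation and the primary
# domain failed". Assumption: domain name taken from the machine's own config.
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

# 1. Can the server locate a domain controller? Kerberos logon and the secure
#    channel both depend on the _ldap._tcp.dc._msdcs SRV records, which only
#    AD-integrated DNS serves. If this fails, fix DNS/NSG/DC first.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses).ServerAddresses
Write-Host "DNS servers in use: $($dns -join ', ')"
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
nltest "/dsgetdc:$domain"

# 2. Which profile did Network Location Awareness choose? A member server that
#    cannot reach a DC lands on Public, whose inbound rules normally block RDP,
#    which matches the "cannot log on" symptom even for local accounts.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 3. Is the machine account's secure channel with the domain still intact?
#    Returns $true/$false; -Verbose prints the DC it talked to.
$secureChannelOk = Test-ComputerSecureChannel -Verbose
if (-not $secureChannelOk) {
    Write-Warning 'Secure channel to the domain is broken.'
    # -Repair resets the machine account password against a reachable DC and
    # avoids a full unjoin/rejoin. Needs domain credentials, so left commented:
    # Test-ComputerSecureChannel -Repair -Credential (Get-Credential "$domain\Administrator")
}

# 4. Kent's workaround: delay NlaSvc so the network stack and DNS are up before
#    the location is evaluated. sc.exe is used because Set-Service in Windows
#    PowerShell 5.1 has no delayed-auto start type.
sc.exe config NlaSvc start= delayed-auto
sc.exe qc NlaSvc | Select-String 'START_TYPE'

# If the profile is wrong right now, restarting NlaSvc forces a re-evaluation
# (this also restarts the dependent Network List Service):
# Restart-Service -Name NlaSvc -Force
```

Read the output top down: if step 1 cannot resolve the SRV records or `nltest` fails, the trust and profile symptoms are downstream of DNS or DC availability, which is consistent with the DC restart in this thread fixing both ADFS servers at once. Only if a DC is reachable and step 3 still returns `$false` is the machine account password itself out of sync and the `-Repair` path worth running.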