How to resolve error "system.security.principal.windowsidentity - The true relationship between the primary domain and the trusted domain failed"?


I'm using TFS 2017 Update 1 on-premises on Windows Server 2012 R2 (I plan to upgrade to Azure DevOps Server 2019 Update 1.1 by the end of the year). In the meantime I have a very big problem with the following settings:

- the service account (the user with which TFS runs) is configured in 'domain1'
- the service account has permissions (configured by windows s.o.) for viewing users of another 'domain2'
- 'domain1' is trusted with 'domain2' (the trust works properly by windows s.o.)

The problem is when I try to add users from 'domain2' through the TFS web interface. I have the following two problems:

1) from http://servername/tfs/_admin/_licenses users of 'domain2' are not displayed and so I cannot select them

2) from http://servername/tfs/CollectionName/ProjectName/_admin/_security I succeed in displaying users of 'domain2' but ...

... when I try to select them I obtain the following error:

Is it a known bug of TFS 2017 Update 1? In Windows the trust works properly; in TFS I have the problems described above. How can I resolve them? Maybe I missed configuring some settings in the trust; what could they be? Is there any official documentation provided by Microsoft on using TFS/Azure DevOps with trusted domains?


Solution

  • According to the error info "The trust relationship between the primary domain and the trust domain failed", it seems there's a trust issue between your two domains.

    As troubleshooting:

    1. You can verify the trust between the 2 domains via the Windows interface or the command line. For details, you can refer to this ticket.

    2. Try removing the current machine from the domain and then re-joining it to the domain. You can refer to this case with a similar issue.
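
The command-line verification from step 1 can be scripted as below. This is an added example, not part of the original answer; `domain1` and `domain2` are the names used in the question, `domain2\someuser` is a placeholder account, and `nltest`/`netdom` are assumed to be installed (they ship with the AD DS tools).

```powershell
# Run on the TFS application tier in an elevated session, ideally while logged on
# as the TFS service account, so the checks use the same identity TFS uses.
$TrustingDomain = 'domain1'            # domain of the TFS server and service account
$TrustedDomain  = 'domain2'            # domain whose users cannot be added
$TestAccount    = 'domain2\someuser'   # placeholder: replace with a real domain2 account

# 1. Secure channel between this machine and its own domain.
#    A $false here is the condition that removing and re-joining the machine resets.
$channelOk = Test-ComputerSecureChannel
"Secure channel to $TrustingDomain healthy: $channelOk"

# 2. Trusts as seen from this machine, and whether a domain controller
#    of the trusted domain can be located from here.
nltest /domain_trusts
nltest "/dsgetdc:$TrustedDomain"

# 3. Verify the trust itself. Uses the current user's credentials;
#    the account must be allowed to query both domains.
netdom trust $TrustingDomain "/domain:$TrustedDomain" /verify

# 4. Name-to-SID translation through System.Security.Principal, the namespace
#    named in the error. If the trust is broken for this machine or account,
#    the same "trust relationship ... failed" message appears here, outside TFS.
try {
    $account = New-Object System.Security.Principal.NTAccount($TestAccount)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    "Resolved $TestAccount to $sid"
} catch {
    "Name-to-SID translation failed: $($_.Exception.GetBaseException().Message)"
}
```

If steps 1 to 3 succeed but step 4 fails only when run as the service account, the trust is healthy and the problem is specific to that account's rights in `domain2`.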