The trust relationship between the primary domain and the trusted domain failed

This error message appears on machines running EPiServer 4.60 (or later) in a .NET Framework 2.0 environment when trying to log on to an EPiServer site using a windows account when not connected to your main domain.

The reason behind the error lies within code changes made to the ASP.NET framework in version 2.0. This problem will primarily occur on laptop machines since they are frequently detached from the domain network. Stationary workstations and servers should rarely be affected by this error as they are more or less permanantly connected to the domain.

If you wish to set up an EPiServer installation in a .NET Framework 2.0 environment on a machine that you know will be detached from the domain network from time to time, you should not rely on windows accounts for authentication on the EPiServer site. Instead you should use pure EPiServer accounts, i.e. accounts that have been created in EPiServer and exist only in the EPiServer database.

We consider this error to be an issue with .NET 2.0 rather than a bug in EPiServer.

Workarounds

We currently know of two ways to work around this issue.

1 - Change the unhandled exception policy back to the default behavior of previous .NET Framework versions.

Add the following code to the Aspnet.config file located in

%WINDIR%\Microsoft.NET\Framework\v2.0.50727

<configuration>

    <runtime>

        <legacyUnhandledExceptionPolicy enabled="true" />

    </runtime>

</configuration>

2 - Create local WebEditors and WebAdmins groups on the web server. These will disable the domain checks and when authenticating EPiServer users, these local windows groups will not be used.