Docker Container with GMSA Loses Trust relationship after a few days

  • Question

  • We have multiple ASP.NET Core and .NET 4.5/4.6 containers with Kerberos authentication

    Windows 2016 Process Containers - no 1709 and so on

    Most containers use microsoft/iis as the base image

    In these containers we use the "User.IsInRole()" .NET function to check group membership from Active Directory

    After an undefined runtime of the containers, this .NET function fails with the following exception:

    The trust relationship between this workstation and the primary domain failed
    
    System.Security.Principal.NTAccount.TranslateToSids()...

    But when I cmd into the containers and test the domain trust with "nltest /parentdomain", it completes successfully; the PowerShell command Test-ComputerSecureChannel also works.

    When we restart the container (sometimes twice), the web application starts working again.

    I don't have any clue anymore where to look.

    Thx in advance for any ideas


    Back-reference to GitHub issue

    https://github.com/moby/moby/issues/37459


    It's the ghost in the machine who won't let me go on vacation :-)




    Friday, July 13, 2018 9:55 AM

All replies

  • When I restart the Netlogon service in the container itself, it starts working in the container again.

    So it's not the .NET code itself.

    Also, the GMSA account we use didn't change its password when the error came up (checked with ADSI and the attribute pwdLastSet).

    When we restart all containers on all Docker hosts at the same time, a couple of them fail with the same error.


    It's the ghost in the machine who won't let me go on vacation :-)





    Friday, July 13, 2018 10:28 AM