The trust relationship between the primary domain and the trusted domain failed when Publishing feature is enabled

Question

I got the following error in my SharePoint 2013 environment:

[SystemException: The trust relationship between the primary domain and the trusted domain failed.
]
   System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1085
   System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +52
   System.Security.Principal.NTAccount.Translate(Type targetType) +181
   Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim) +310
   Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix) +379
   Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String fullName) +209
   Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, SPAppPrincipalToken appPrincipalToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous) +40779177
   Microsoft.SharePoint.SPSite.get_Request() +323
   Microsoft.SharePoint.SPSite.OpenWeb(Guid gWebId, Int32 mondoHint) +60
   Microsoft.SharePoint.Publishing.CachedObjectFactory.OpenWebFromSuperUserSite(Guid webId) +655
   Microsoft.SharePoint.Publishing.CacheManager..ctor(SPSite site) +1276
   Microsoft.SharePoint.Publishing.CacheManager.GetManager(SPSite site, Boolean useContextSite, Boolean allowContextSiteOptimization, Boolean refreshIfNoContext) +1115
   Microsoft.SharePoint.Publishing.Internal.WebControls.PublishingRibbon.OnLoad(EventArgs e) +150
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Control.LoadRecursive() +190
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3178

I upgraded from SharePoint 2010. I do not have this issue in SP2010.
From the exception it looks like something to do with Publishing feature, so I disabled this feature, and this error is gone. I also found this issue only occurs for certain users.

I found this article http://blogs.technet.com/b/spsforum/archive/2011/11/02/quick-solution-2-the-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed.aspx, It is in SP2007 and says you can remove the invalid users from Shared Service Provider. However, I am in SP2013 cannot find a way remove invalid users. I guess the Publishing cache feature is using some invalid user ids, but how can I remove these users?
Do can you please suggest other directions to investigate?

Answer 1

Not exactly sure if these will fix all your issues but I would try some: While you upgraded can I assume you've been migrating your web applications to Claims at least following MSDN guides, which also involves migrate Users to claims? Also using the Move-SPUser could have an impact on the Cache accounts as described here

And because Publishing sites also make use of the Caching Profiles (Anonymous, Intranet, Extranet) and relies on the Object Cache Accounts. Have you tried creating a new Web Application using the Publishing template and see if that behaves as expected? Also, as no mention, i suspect you haven't deployed own custom caching mechanism? Not sure if will help, as normally that should be flushed during migration, but you could attempt flushing those out, to start fresh. One article here explains that When would you flush the cache of a SharePoint web application? .

As for the users, maybe enabling Filters to ignore Disabled accounts in AD, in your Connection under User Profiles would already clean-up a bit.

Answer 2

According to Microsoft there are 3 possible causes for your issue:

1. The trust relationship between primary domain was broken.
2. Firewall blocked the connections used for establish trust connection
3. Configuration caches was corrupted

Possible Solutions:

1. Verify the trust (http://technet.microsoft.com/en-us/library/cc737447.aspx) and try to recreate the trust (http://technet.microsoft.com/en-us/library/cc758857.aspx)
2. Temporarily stop the firewall in both servers to verify whether this is the cause of the issue. If this the cause of the issue, Open ports 1025 and 1026 used to RPC session for SharePoint. see KB899148 (http://support.microsoft.com/kb/899148) for more information.
3. Open Start > Run and type %allusersprofile% to open all users’ profile folder. Navigate to Microsoft\SharePoint\Config[GUID] folder. You should see a cache.ini file and lots of XML document. Delete all the XML document. Edit cache.ini, change the number to 1. Save and close it. Restart Windows SharePoint Services Timer in Services