Active Directory Domains and Trusts Snap-in May Display Secure Channel Error Message (246264)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q246264

SUMMARY

The verify option in Active Directory Domains and Trusts snap-in may display an error message implying that a Secure Channel (SC) does not exist between selected domains.

MORE INFORMATION

Trust relationships between Windows domains occur over an SC. The Active Directory Domains and Trusts snap-in (Domain.msc) and Nltest.exe command line utility both issue Query and Reset commands to validate or reset the integrity of trust relationships.

An SC query operation in the Active Directory Domains and Trusts snap-in or Nltest.exe does not initialize the SC. The query merely determines whether or not the SC is set up. An SC initializes on the first attempt to use the SC or when the Domain.msc and Nltest.exe files issue the Reset command.

If you use the Active Directory Domains and Trusts snap-in Verify command in such a situation, the following error message may appear:
The Secure Channel (SC) query on domain controller <Domain Controller Name> of domain <Domain Name> to domain <Domain Name> failed. An SC reset is attempted.
This error occurs (by default) if you just restarted the computer. This also occurs if you create a trust and do not initialize an SC.

If the trust is valid, the SC initializes after the Reset command, and verification of the trust is correctly reported as healthy.
Modification Type:MinorLast Reviewed:1/26/2006
Keywords:kbenv kberrmsg kbinfo KB246264
©2004 Microsoft Corporation. All rights reserved.