Microsoft KB Archive/246264

From BetaArchive Wiki
Knowledge Base

Active Directory Domains and Trusts Snap-in May Display Secure Channel Error Message

Article ID: 246264

Article Last Modified on 2/28/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q246264


The verify option in Active Directory Domains and Trusts snap-in may display an error message implying that a Secure Channel (SC) does not exist between selected domains.


Trust relationships between Windows domains occur over an SC. The Active Directory Domains and Trusts snap-in (Domain.msc) and Nltest.exe command line utility both issue Query and Reset commands to validate or reset the integrity of trust relationships.

An SC query operation in the Active Directory Domains and Trusts snap-in or Nltest.exe does not initialize the SC. The query merely determines whether or not the SC is set up. An SC initializes on the first attempt to use the SC or when the Domain.msc and Nltest.exe files issue the Reset command.

If you use the Active Directory Domains and Trusts snap-in Verify command in such a situation, the following error message may appear:

The Secure Channel (SC) query on domain controller <Domain Controller Name> of domain <Domain Name> to domain <Domain Name> failed. An SC reset is attempted.

This error occurs (by default) if you just restarted the computer. This also occurs if you create a trust and do not initialize an SC.

If the trust is valid, the SC initializes after the Reset command, and verification of the trust is correctly reported as healthy.

Keywords: kbenv kberrmsg kbinfo KB246264