Creating External Trusts May Succeed with Cached Password (242770)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server 4.0 SP6

This article was previously published under Q242770

SYMPTOMS

When you create a trust relationship successfully, delete it, and then re-create it with incorrect passwords, the trust may be re-created successfully even though the passwords are wrong. This behavior can occur with down-level and external trusts, and can occur if you:
  1. Create one direction of trust successfully.
  2. Create a second direction of trust successfully.
  3. Delete the second direction of trust.
  4. Re-create the second direction of trust with an incorrect password. The trust is created successfully with the incorrect password.

NOTE: This is not a problem when you are resetting trust relationships. The correct password must be entered for the old password to be changed.

CAUSE

The Netlogon service caches old passwords for trusts. Until a trust is completely destroyed, old passwords are available to validate a trust created with an incorrect password.

RESOLUTION

To correct this, delete the trust from both sides of the trust relationship.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Modification Type: Major
Last Reviewed: 10/10/2002
Keywords: kbenv kbprb KB242770