Microsoft KB Archive/242770

= Creating External Trusts May Succeed with Cached Password =

Article ID: 242770

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6

-



This article was previously published under Q242770



SYMPTOMS
When you create a trust relationship successfully, delete it, and re-create it with incorrect passwords, the trust may be (mistakenly) successfully re-created. This behavior can occur with down-level and external trusts, and can occur if you:
 * 1) Create one direction of trust successfully.
 * 2) Create a second direction of trust successfully.
 * 3) Delete the second direction of trust.
 * 4) Re-create the second direction of trust with an incorrect password. The trust is created successfully with the incorrect password.

NOTE: This is not a problem when you are resetting trust relationships. The correct password must be entered for the old password to be changed.



CAUSE
The Netlogon service caches old passwords for trusts. Until a trust is completely destroyed, old passwords are available to validate a trust created with an incorrect password.



RESOLUTION
To correct this, delete the trust from both sides of the trust relationship.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbenv kbprb KB242770

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.