Return-Path: owner-ntbugtraq@LISTSERV.NTBUGTRAQ.COM
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:
Date: Mon, 21 Jun 1999 13:36:50 -0500
Reply-To: Kevin
Sender: Windows NT BugTraq Mailing List
From: Kevin
Subject: Possible bug using NTLMv2 across trusted domains.
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

I believe I have found a problem with NTLMv2 authentication across trusted domains.

The setup:

  DomainA (PDC-A and BDC-A both SP4)
  DomainB (PDC-B and BDC-B both SP4)
  Two-way trust exists between DomainA and DomainB
  client machine (Client1) tested with both SP4 & SP5 resides in DomainA

When I add the value LMCompatibilityLevel in HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA and set it at 3 (send NTLMv2 response only) everything works fine while I am in DomainA. However, attempting to access resources in DomainB fails. The error NT reports when I attempt to access a share on the remote domain, or when I try to view DomainB in Server Manager or User Manager for Domains, is "the trust relationship between the primary domain and the trusted domain failed."

When I change the registry entry back to '1' everything works as it should and I assume that I am using NTLMv2 over my local domain and NTLM when accessing resources on remote domains.

I saw nothing in the KB article about multiple domains. Can anyone out there verify these findings?

Kevin T. Neely MCSE
Systems Administrator, Interliant Inc.