You may decide to configure a two-way external trust or a two-way forest trust to use selective authentication for the outgoing side of the trust but not for the incoming side in Microsoft Windows Server 2003. In this scenario, the authentication settings appear to be incorrect when you view the properties of the trust in the Active Directory Domains and Trusts snap-in. When you click Properties for either side of the trust, and then you click the Authentication tab, the properties of both the outgoing and the incoming trusts appear to be configured to use the selective authentication setting.
↑ Back to the top
This problem occurs because only the authentication settings for the outgoing trust are displayed when you click Properties and then click the Authentication tab in the Active Directory Domains and Trusts snap-in. This is true when you click either the outgoing side or the incoming side of the same trust and then view the authentication settings. By clicking Properties for either side of the trust, you generate the same Properties dialog box. Therefore, although the incoming trust appears to also be configured for selective authentication, this is not the case.
↑ Back to the top
To view the correct authentication settings for the incoming side of the two-way external trust or of the two-way forest trust, connect to a domain controller in the trusted domain, and then use the Active Directory Domains and Trusts snap-in to view the authentication settings for the outgoing side of the same trust.
↑ Back to the top
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
↑ Back to the top
For more information about how to manage trusts in Windows Server 2003, see the "How to Manage Trusts" and the "Understanding Trusts" topics in the Active Directory section of the Windows Server 2003 product documentation. To view this documentation, visit the following Microsoft Web site:
↑ Back to the top