07.03.2008 at 06:55AM PDT, ID: 23536828 | Points: 500
Cross-forest password change not operable - http://support.microsoft.com/kb/890953

Asked by elmhagel in Domain Name Service (DNS), Windows 2000 Operating System, Windows 2003 Server

Tags: Microsoft, AD, 2000, 2003, Forest Trust

Hi,

The network consists of the following setup:
* One native Windows 2000 forest, only Windows 2000 with SP4 DCs are used.
* One mixed Windows 2000/2003 domain, Windows 2000 with SP4 and Windows 2003 with SP1 DCs are used.
* Bidirectional non-transitive trusts are established between every domain of both forests.

I experience the following exact error condition described by MS:
http://support.microsoft.com/kb/890953

The mentioned hotfix was applied to all systems, but the error still occurs.

The following scenario is used to reproduce this error:
A user with the switch "User must change password at next logon" set logs on to a workstation from the other forest. The password change dialog box appears and the error mentioned in the article pops up. This happens bidirectionally.

Workaround:
1) If the UPN name (e.g. user@domain.com) is used at logon, the password change operates properly.
2) If the DNS suffix search list in the network settings on the workstation is extended by the DNS domain of the trusted domain, the password change operates properly, too.

Unfortunately, both workarounds are not feasible to roll out to the production environment.

Workarounds already tested that did not work:
1) Static WINS entries (1Bh, 1Ch entries) in WINS environment and lmhosts.
2) Using DNS secondary zones for cross-forest resolution instead of delegations.

If additional details are necessary, don't hesitate to post them.

Help is very much appreciated.
BR
Elmar