Hi,
the network consists of the following setup:
*One native Windows 2000 forest, only Windows 2000 with SP4 DCs are used.
*One mixed Windows 2000/2003 domain, Windows 2000 with SP4 and Windows 2003 with SP1 DCs are used.
*Bidirectional non-transitive trusts are established between every domain of both forests.
I experience the following exact error condition described by MS:
http://support.microsoft.com/kb/890953
The mentioned hotfix was applied to all systems, but the error still occurs.
The following scenario is used to reproduce this error:
A user with the switch "User must change password at next logon" set logs on to a workstation from the other forest. The password change dialog box appears and the error mentioned in the article pops up. This happens bidirectionally.
Workaround:
1) If UPN name (e.g. user@domain.com) is used at logon, password change operates properly.
2) If in the NW settings on the workstation the DNS suffix search list is extended by the DNS domain of the trusted domain, the password change operates properly, too.
Unfortunately, both workarounds are not feasible to roll out to the production environment.
Already tested non-operable workarounds are:
1) Static WINS entries (1Bh, 1Ch entries) in WINS environment and lmhosts.
2) Using DNS secondary zones for cross-forest resolution instead of delegations.
If additional details are necessary, don't hesitate to post them.
Help is very much appreciated.
BR
Elmar