Here is a weird one: 2 forests with one way forest trusts: forestA.com trusts forestB.com
I try to schedule a a task on host.forestA.com with account FORESTA\user (tried everything up to member of Enterprise Admins, Domain Admins, BUILTIN\Administrators) and I get "0x80070005 Access Denied" error - bad credentials, when submitting the task (tried both GUI and schdtasks.exe) The same task can be scheduled using CHILD_OF_FORESTB\user account (notice that the host is in forestA and forestB accounts are OK, but it's own accounts are denied). Local machine's accounts are also fine - the problem is only with host's forest accounts. This happens on all W2K3 servers and ONLY on W2K3 (XP, W2K are fine). Wrapping the same task with joe's CPAU resolves the issue and the task is executed correctly. I tried to sniff the traffic, but it looks like the task scheduler does not even try to authenticate the forestA accounts. In our test environment the scheduled tasks do work as expected, but there we currently have 2-way forest trust and some other things not yet implemented in production, so I can not rely on the test environment regarding this issue. I am starting to run out of ideas here... Guy List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
