I have to say that seems to be a weird one... But I am glad that cpau helps
it work for you. :o)

Are you doing this remotely? What happens if you sit down on
host.forestA.com with a forestA userid and try to schedule the task? Also
can you try to schedule it remotely with just the IP address? If that works,
the issue is probably somewhere in Kerberos and I would start looking for
ker errors and verify SPNs are properly registered and time between the
machines is correct, etc.

  joe

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent: Wednesday, October 27, 2004 3:11 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] A weird one (or Joeware vs. MS)

Here is a weird one:
2 forests with one way forest trusts:
forestA.com trusts forestB.com

I try to schedule a task on host.forestA.com with account FORESTA\user
(tried everything up to member of Enterprise Admins, Domain Admins,
BUILTIN\Administrators) and I get "0x80070005 Access Denied" error - bad
credentials, when submitting the task (tried both GUI and schtasks.exe). The
same task can be scheduled using CHILD_OF_FORESTB\user account (notice that
the host is in forestA and forestB accounts are OK, but its own accounts
are denied).
Local machine's accounts are also fine - the problem is only with host's
forest accounts.

This happens on all W2K3 servers and ONLY on W2K3 (XP, W2K are fine).

Wrapping the same task with joe's CPAU resolves the issue and the task is
executed correctly.

I tried to sniff the traffic, but it looks like the task scheduler does not
even try to authenticate the forestA accounts.

In our test environment the scheduled tasks do work as expected, but there
we currently have 2-way forest trust and some other things not yet
implemented in production, so I cannot rely on the test environment
regarding this issue.

I am starting to run out of ideas here...

Guy

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
