Do you get the same results with NetBIOS vs UPN logon?

-Bonnie

-----Original Message-----
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Wednesday, February 17, 2016 1:41 PM
To: ntsysadm <ntsys...@lists.myitforum.com>
Subject: [NTSysADM] My ignorance is showing again...

We have two separate, untrusted forests - DMZ and production.

Production is at DFL/FFL 2008.
DMZ is at DFL/FFL 2012R2

I changed a password for an account in the DMZ forest, setting it to require 
change at next logon.

User cannot RDP from machine in production forest to machine in DMZ forest 
because the password must be changed first.

User cannot change password on machine in production forest for account in DMZ 
forest using ALT+CTRL+DEL, because he's getting the message:

      "configuration information could not be read from the domain controller,
     either because the machine is unavailable, or access has been denied."

I know I can unset the requirement to change the password at next logon, but 
that seems silly, because then I can't enforce having him change it without 
standing over his shoulder while he does it.

How the heck can I do this? I've tried with my own user accounts, and have 
confirmed the problem.

Kurt

