Users Cannot Change Password on Login

Status
Not open for further replies.

LtDan

MIS
Jun 11, 2001
US
Ok,

You read this thinking this was an easy one.

We have two BDCs on 'my side of town' that communicate to the PDC over a fairly good WAN link. This problem is isolated to my side of the WAN.

When users' passwords expire, and they get the GUI (at logon) to make a new password, they change their password, then receive a message saying "You cannot Change your password at this time... Please Contact your system administrator"

Things I have checked:

1. The "User must log on to change password" box is NOT checked in Account Policies in User Manager (there went the easy solution, sorry)

2. I can ping the PDC by name and IP

3. If I force Replication, the SAM updates successfully on the PDC (as per the PDC and BDC event logs)

4. All client settings are correct (WINS, TCP/IP addys, etc.)


We did just switch to a new PDC, and there is a new secondary WINS server..... but these were on our Network 5 months or so b/f this problem started showing up late last year.

Any steering in the right direction would be appreciated, as I have run out of investigative options to choose from.



Thanks,

Dave
 
Hi.

Check again for name resolution using LMHOSTS files with #PRE & #DOM on a test workstation.

What OS on client machines?
Did you check if it is client OS related?

What do you see in Event logs (server and client)?

Do any of the routers on the WAN link do filtering?

Can the PDC ping the clients at your side by name?

Is WINS really synchronised?

Bye

Yizhar Hurwitz
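
The LMHOSTS check suggested in the reply above can be scripted; this is an added example, not code from the thread. It lints a test workstation's LMHOSTS for `#DOM` entries that lack `#PRE`, a `#DOM` domain that does not match, and quoted special names (such as the domain `\0x1B` name the PDC registers) that are not padded to 15 characters. The host names, addresses and the domain CORP are constructed placeholders.

```python
import re

# address, then a plain or "quoted" NetBIOS name, then optional tags
ENTRY = re.compile(r'^(\S+)\s+("[^"]*"|\S+)(.*)$')
# quoted special name: 15 characters (space padded) followed by \0xNN
SPECIAL = re.compile(r'^.{15}\\0x[0-9A-Fa-f]{2}$')

def check_lmhosts(text, domain):
    """Return (line_no, problem) tuples for entries that will not resolve as intended."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):  # blank, comment or #INCLUDE-style directive
            continue
        m = ENTRY.match(line)
        if not m:
            problems.append((no, 'not an "address name [tags]" entry'))
            continue
        name, tags = m.group(2), m.group(3).split()
        if name.startswith('"') and not SPECIAL.match(name[1:-1]):
            problems.append((no, 'quoted name must be 15 padded characters plus \\0xNN'))
        doms = [t[5:] for t in tags if t.upper().startswith('#DOM:')]
        if doms and '#PRE' not in [t.upper() for t in tags]:
            problems.append((no, '#DOM entry has no #PRE, so it is not preloaded'))
        if doms and doms[0].upper() != domain.upper():
            problems.append((no, f'#DOM names {doms[0]}, expected {domain}'))
    return problems

# Constructed sample file (placeholder values, not taken from the thread)
PDC_1B = '"' + 'CORP'.ljust(15) + r'\0x1B' + '"'
SAMPLE = '\n'.join([
    '# constructed LMHOSTS for a test workstation',
    '10.1.1.10  NTPDC01  #PRE #DOM:CORP',      # correct PDC entry
    f'10.1.1.10  {PDC_1B}  #PRE',              # correctly padded 1B name
    r'10.1.1.10  "CORP \0x1B"  #PRE',          # padding too short
    '10.2.2.20  NTBDC02  #DOM:CORP',           # missing #PRE
    '10.2.2.21  NTBDC03  #PRE #DOM:CROP',      # domain typo
])

if __name__ == '__main__':
    for no, problem in check_lmhosts(SAMPLE, 'CORP'):
        print(f'line {no}: {problem}')
```

After correcting the file on the workstation, `nbtstat -R` reloads the `#PRE` entries and `nbtstat -c` shows what is actually in the name cache.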
 
Does it happen on a particular client on your network or on all the machines? What OS is the client running? If it is a Win9x client, have you tried deleting the .pwl file?
Have you tried getting the user to log in, then do a CTRL-ALT-DEL (if it is an NT client) and try to change the password to see if it goes through?
 
Definitely sounds like the entry for the PDC in the WINS server might be incorrect. Check both WINS servers and verify that the entry for the PDC is correct.
 
Whoa,

Thanks for all the ideas....

The clients are a mix of NT4 and Win2K

Checking out the responses, I will definitely do some more WINS investigation, especially with the info at that link.

From there, it's on to routing issues, I would guess.

Thanks,

Dave
 
Dave,

This same issue happened to me. Noting that your PDC is over a WAN link then almost exclusively your users will validate through your 'local' BDC. Check in the User Manager under policies/account and look at the bottom of the page for a selection called 'users must log on in order to change password'. If this is checked....that's your prob.
 
Sorry Dave,

I should learn to read.

My apologies...
 
We had exactly this problem and I checked all the items you mentioned.
I resolved this by changing all client PCs to Enable WINS, typed in the Primary and secondary WINS IP and set one BDC per remote site to be a WINS server. After the client restart they could all change their passwords.
Worked for me
Good luck
 