Trust Relationship error after Cross-Forest User Password reset

  • Question

  • Hello,

    We are experiencing an interesting error for a number of devices throughout the estate.

    All impacted devices are Win7 SP1 in domain A, and all users logging on to the devices exist in domain B.

    Each time a user executes a password reset from the Windows Security/Logon interface (usually as a result of password policy prompts), the user is presented with a classic Trust relationship error that would normally indicate the device is no longer connected to the domain. The error itself, however, seems to be a red herring.

    Once the user clicks OK past the error, the user can continue as normal; subsequent relogs can be done successfully with the new password set by the user, and the device itself has not lost trust with the domain. My only explanation for this is that for some reason the error is being generated by the DC on domain B after it successfully changes the user's password, to say "hold on, the device you're on isn't on my domain", but I'm unsure why this would have started occurring, especially in a two-way forest trust.

    I'm a little stumped with this; all googling and searching through these forums seems to direct me to issues whereby the device itself does actually lose connection to the domain for various reasons, rather than just a misleading error.

    I don't suppose anyone has ever come across anything similar before?

    Cheers,

    Monday, January 11, 2016 10:55 AM

Answers

  • You may want to check the following thread:

    https://social.technet.microsoft.com/Forums/windows/en-US/a52bc0a7-75c1-4a79-a9b6-77ddb9bcba75/problem-to-change-password-between-two-trusted-domains?forum=winserverDS

    Uninstalling KB3081320, KB3101746, and KB3101246 stopped this issue from happening, though I don't find that to be a great long-term solution.

    • Marked as answer by Marc3742 Monday, January 18, 2016 10:10 AM
    Monday, January 11, 2016 3:53 PM
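
Added example, not part of the original thread: a PowerShell inventory that reports which of the three updates named in the answer are present on each machine, so the devices showing the error can be correlated with them before any change is made. The host names and the function name `Get-KbPresence` are constructed placeholders.

```powershell
# The three updates named in the answer above.
$KbIds     = 'KB3081320', 'KB3101746', 'KB3101246'
# Constructed placeholder host names; replace with the devices under investigation.
$Computers = 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'

function Get-KbPresence {
    param([string[]]$ComputerName, [string[]]$Id)

    foreach ($computer in $ComputerName) {
        try {
            # Pull the full hotfix list once and filter locally;
            # Get-HotFix -Id raises an error for every KB that is absent.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                           Where-Object { $Id -contains $_.HotFixID })
            $status = 'Queried'
        }
        catch {
            # Unreachable host or access denied: record the failure so it is
            # not mistaken for "update not installed".
            $installed = @()
            $status    = "Failed: $($_.Exception.Message)"
        }

        foreach ($kb in $Id) {
            $hit = $installed | Where-Object { $_.HotFixID -eq $kb } |
                   Select-Object -First 1
            New-Object PSObject -Property @{
                Computer    = $computer
                HotFixID    = $kb
                Installed   = if ($status -eq 'Queried') { [bool]$hit } else { $null }
                InstalledOn = if ($hit) { $hit.InstalledOn } else { $null }
                Status      = $status
            }
        }
    }
}

# One row per computer and KB; an empty Installed column means the query failed.
Get-KbPresence -ComputerName $Computers -Id $KbIds |
    Select-Object Computer, HotFixID, Installed, InstalledOn, Status |
    Format-Table -AutoSize
```

Run it from an account with remote WMI access to the listed machines; piping the objects to `Export-Csv` instead of `Format-Table` keeps the result for comparison against the list of devices that showed the error.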