Windows 2000 User's can't change password

  • Thread starter Thread starter MadDog
  • Start date Start date
M

MadDog

This is strange. Starting yesterday, we've had users whose passwords have
expired try to change their passwords, but they can't. We have a password
complexity requirement and when the users try to change their password, the
change fails and the complexity requirement dialog box is displayed. I've
verified that the complexity issue has indeed been met. We have a test user
and I've verified that I cannot change the password. This user's password
was NOT close to expiring. On our FSMO role holder, I've run NETDIAG and
DCDIAG and both run clean with no errors. EventViewer looks clean too. No
replication problems (replmon).....No Group Policy problems (no errors in
logs).

We have had problems for a while with user accounts getting locked out
several times a day and have been unable to pinpoint the cause. It was
random and effected different users for a period of time, then 'moved on' to
different users.

The environment is as follows:

Windows 2003 servers (fully patched) Mixed mode, 14 locations, DCs in each
location, each DC is a GC server
XP & Windows 2000 Clients (fully patched)

Any thoughts would be appreciated,
Chris
 
"MadDog" <someone@microsoft.com> wrote in message
news:uply0youIHA.5244@TK2MSFTNGP02.phx.gbl...
> This is strange. Starting yesterday, we've had users whose passwords have
> expired try to change their passwords, but they can't. We have a password
> complexity requirement and when the users try to change their password,
> the change fails and the complexity requirement dialog box is displayed.
> I've verified that the complexity issue has indeed been met. We have a
> test user and I've verified that I cannot change the password. This user's
> password was NOT close to expiring. On our FSMO role holder, I've run
> NETDIAG and DCDIAG and both run clean with no errors. EventViewer looks
> clean too. No replication problems (replmon).....No Group Policy problems
> (no errors in logs).
>
> We have had problems for a while with user accounts getting locked out
> several times a day and have been unable to pinpoint the cause. It was
> random and effected different users for a period of time, then 'moved on'
> to different users.
>
> The environment is as follows:
>
> Windows 2003 servers (fully patched) Mixed mode, 14 locations, DCs in each
> location, each DC is a GC server
> XP & Windows 2000 Clients (fully patched)
>
> Any thoughts would be appreciated,
> Chris

UPDATE:

I found a KB article, that didn't exactly apply to this situation, but gave
it a shot. http://support.microsoft.com/?kbid=273004. It has worked on our
test user, but will wait to see if it works with others.

Now the difference for us is that we did have this policy defined: 2 days.
I've changed the minimum password age policy from 2 days to the kb article's
recommendation of 0 days. I'll post back any results.
 
"MadDog" <someone@microsoft.com> wrote in message
news:eg5EWKpuIHA.4376@TK2MSFTNGP06.phx.gbl...
> "MadDog" <someone@microsoft.com> wrote in message
> news:uply0youIHA.5244@TK2MSFTNGP02.phx.gbl...
>> This is strange. Starting yesterday, we've had users whose passwords have
>> expired try to change their passwords, but they can't. We have a password
>> complexity requirement and when the users try to change their password,
>> the change fails and the complexity requirement dialog box is displayed.
>> I've verified that the complexity issue has indeed been met. We have a
>> test user and I've verified that I cannot change the password. This
>> user's
>> password was NOT close to expiring. On our FSMO role holder, I've run
>> NETDIAG and DCDIAG and both run clean with no errors. EventViewer looks
>> clean too. No replication problems (replmon).....No Group Policy problems
>> (no errors in logs).
>>
>> We have had problems for a while with user accounts getting locked out
>> several times a day and have been unable to pinpoint the cause. It was
>> random and effected different users for a period of time, then 'moved on'
>> to different users.
>>
>> The environment is as follows:
>>
>> Windows 2003 servers (fully patched) Mixed mode, 14 locations, DCs in
>> each
>> location, each DC is a GC server
>> XP & Windows 2000 Clients (fully patched)
>>
>> Any thoughts would be appreciated,
>> Chris
>
> UPDATE:
>
> I found a KB article, that didn't exactly apply to this situation, but
> gave
> it a shot. http://support.microsoft.com/?kbid=273004. It has worked on our
> test user, but will wait to see if it works with others.
>
> Now the difference for us is that we did have this policy defined: 2 days.
> I've changed the minimum password age policy from 2 days to the kb
> article's
> recommendation of 0 days. I'll post back any results.
>
>
Changing to 0 days has seemed to solve the issue.
 
Back
Top