Cannot change P/W in Outlook from remote untrusted domain

[gjb]

Hi,

We host Exchange 2K/W2K for a large no of remote clients. Each remote site
has its own domain/workgroup and use Outlook to connect to our domain for
mail. None of these domains are trusted and clients are prompted for the
username/password when Outlook is started. All is OK apart from being able
to change the password.
I have implemented Q237611 - XCLN: Client Unable to Change Windows NT or
Windows 2000 Password, but the problem still persists.
Can anyone suggest any further areas of investigation or solutions.?
Also can someone confirm what firewall ports would need to be open for the
password change to complete successfully.?

Thanks,

Gerry

 

[BP]

Usually Lan ports are closed to internet external on firewalls
for a reason, like to stop intrusion onto local lan and password
verification that relies on netbios ports. Don't believe they
all need to be open, but have run into this in the past with
ACL's on Cisco routers blocking NTLM authentication.
Windows 2k supports transitive trusts by default when
sites are added but sounds like topology is disconnected
so static trusts would be an ideal fix over that of opening
ports and such. If trust created you need to add a static
wins record for the DC of the remote domain in your
wins database or failure is emanate.
Typical Ports:
netbios-ns 137/tcp nbname #NETBIOS Name Service
netbios-ns 137/udp nbname #NETBIOS Name Service
netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service
netbios-ssn 139/tcp nbsession #NETBIOS Session Service