User being requested to change password always

[Guest]

I have a user, who is being requested to change his password at every
start-up on a W2000 system. All users password has been set to expire in 60
days on the domain controller.

This is an isolated issue since none of the over 105 users are not being
prompted each time at start-up to change their password. Since domain-level
policy overides local level policy, when connected to the domain, I am not
sure if by changing the local policy will do the trick. I tried but it did
not work.

Please help.

TBone

 

[Steven L Umbach]

Have that user try using another computer on the network to see if the
problem still persists to help determine if it is a problem with the user
account or the computer he is logging into. Have him change his password
from another computer and check his account properties to see if they match
users that are not having the problem. Another thing to try is to manually
reset his computer account in AD Users and Computers to see if the problem
goes away. If the problem seems to be his computer, check Event Viewer for
any error messages and run the netdiag support tool on it to see if any
pertinent problems are found. --- Steve

 

[Guest]

I did try to logon with the user's credentials on a separate machine and it
didn't
prompted for a password change. It's a local problem. I'll check and compare
the account properties on my return to the Office tomorrow. Specifics will be
communicated. And also I'll check the Event Viewer for an error message.

Many thanks Steve,

TBone

 

[Steven L Umbach]

OK. I doubt it has anything to do with the users account properties then.
The KB below may be of interest to you. Oddly it does not really say what
causes the problem. --- Steve

http://support.microsoft.com/default.aspx?kbid=831571

 

[Guest]

After checking the Event Viewer, I found out that the system was logging
error messages with March 2005 dates. The system clock has been set to March
2005. Everything seems to work OK after changing the date to the current date.

Go figure!!!

Thanks again Steve, you were very helpfull.

TBone

 

[Steven L Umbach]

Wow. That is interesting. Thanks for reporting back what you found. I know
kerberos has a five minute time skew while ntlm has a half hour time skew
outside of which the authentication will not work. Glad you got it sorted
out. --- Steve