I'm running RDP client version 6.3.9600, but my web searching isn't revealing to me if that's the latest version or not.
And, I'm wrong on one thing: the user in question doesn't have rights to RDP to any machines in the DMZ - he's just doing file drops for a web site. Either way, it would be good to be able to change passwords remotely, either via RDP or by using the local machine to request the password change via ALT+CTRL+DEL. Kurt On Thu, Feb 18, 2016 at 10:56 AM, Michael B. Smith <[email protected]> wrote: > Don't the newest rdp client versions fix this? > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Thursday, February 18, 2016 1:41 PM > To: ntsysadm > Subject: Re: [NTSysADM] My ignorance is showing again... > > Not sure what you mean - but let me show what I've tried: > > The DMZ forest is dmz.example.com, while production is example.com (don't > yell, I didn't set up the DMZ forest). I press ALT+CTRL+DEL on my machine in > the production forest, and select "Change a password" > (I'm running Win8.1), then type in the ID and old password and new password > in the relevant fields. > > For the ID, I've tried [email protected], [email protected], > dmz.example.com\kurt-dmz and dmz.example\kurt-dmz, and get the same error > message in all cases. > > I've also tried using the name of the DC - > [email protected] - and get the same error message. > > Kurt > > On Thu, Feb 18, 2016 at 7:53 AM, Miller Bonnie L. > <[email protected]> wrote: >> Do you get the same results with netbios vs UPN logon? >> >> -Bonnie >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Kurt Buff >> Sent: Wednesday, February 17, 2016 1:41 PM >> To: ntsysadm <[email protected]> >> Subject: [NTSysADM] My ignorance is showing again... >> >> We have two separate, untrusted forests - DMZ and production. >> >> Production is at DFL/FFL 2008. >> DMZ is at DFL/FFL 2012R2 >> >> I changed a password for an account in the DMZ forest, setting it to require >> change at next logon. >> >> User cannot RDP from machine in production forest to machine in DMZ forest >> because the password must be changed first. >> >> User cannot change password on machine in production forest for >> account in DMZ forest using ALT+CTRL+DEL, because he's getting the >> message: >> >> "configuration information could not be read from the domain >> controller, >> either because the machine is unavailable, or access has been denied." >> >> I know I can unset the requirement to change the password at next logon, but >> that seems silly, because then I can't enforce having him change it without >> standing over his shoulder while he does it. >> >> How the heck can I do this? I've tried with my own user accounts, and have >> confirmed the problem. >> >> Kurt >> >> > >
