Win2k Server AD problems. Major trouble!!

From: terry nikkols (anonymous_at_discussions.microsoft.com)
Date: 02/19/04


Date: Thu, 19 Feb 2004 13:46:30 -0800

U need to run a command from a dos prompt on the server:

c:>ip access-list permit any any gt rpc

>-----Original Message-----
>I started having major problems with my Win2k DC.
>Suddenly, when I create a user account in AD and
>configure it to prompt the user to change his/her
>password on first logon it does not do prompt the user
>and lets them log right on to the domain without changing
>the password. I logged onto my AD server and checked the
>user account and noticed that when I would open a user
>object, check the box for them to change their password
>at next logon under the Account tab, apply the changes,
>and close the user object. I then reopened the user
>object, went to the Accounts tab and the Prompt User to
>Change Account At Next Logon check box was cleared again
>allowing the user to logon to the domain without having
>to change passwords. Does anyone have any ideas? Also,
>I noticed the the eventlogs now show no entries at all.
>I have rebooted twice with no changes. I believe this
>might be a result of installing Services For Unix 3.5
>last night. However, I don't see what or why this would
>cause these problems.
>
>Thanks.
>.
>