A user in a trusted Windows Server 2003 forest cannot use a UPN to log on to a trusting Windows Server 2003 forest when UPN suffixes are not DNS-compliant

Article translations Article translations
Article ID: 942223 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario. A Windows Server 2003 forest trusts another Windows Server 2003 forest. However, a user in the trusted forest cannot use a user principal name (UPN) to log on to the trusting forest.

This problem may occur if a UPN suffix that is created in the "Active Directory Domain and Trusts" Microsoft Management Console (MMC) snap-in is not a DNS-compliant name. Typical UPN suffixes that are not DNS-compliant include, but are not limited to, the following:
  • Names that consist completely of numeric characters
  • Names that contain non-ANSI characters
For example, assume that forest B trusts forest A. User A in forest A has a UPN of userA@12345. User B in forest A has a UPN of userB@example.com. In this situation, user B can log on to forest B. However, user A cannot log on to forest B.

CAUSE

This problem occurs when UPN suffixes that are not DNS-compliant are not routed across a forest trust.

RESOLUTION

To enable users to log on to the trusting forest, change the UPN suffixes so that they are DNS-compliant.

To prevent UPN suffixes that are not DNS-compliant from being created, you can change the UPN suffixes in the "Active Directory Domain and Trusts" MMC snap-in. Make sure that all the specified UPN suffixes are DNS-compliant.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 942223 - Last Review: October 11, 2007 - Revision: 1.2
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Keywords: 
kbexpertiseinter kbtshoot kbprb KB942223

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com