This article was previously published under Q263603
This article has been archived. It is offered "as is" and will no longer be updated.
When a new user logs on to a workstation for the first time in a Windows 2000-based domain, the following symptoms can occur if the Must change password on first logon setting is enabled for that user account:
Windows 2000 displays a dialog box for the user to change the password, even if the user typed an incorrect password to log on.
The error message box states "Your password has expired and must be changed" instead of "You are required to change your password at first logon."
This behavior is caused by a problem in Kerberos on the domain controller.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later: