I think I've seen this issue posted before (once by me) without a good resolution, so thought I'd give it another shot. Setup : Windows 2003 (all critical hotfixes) (also tried SP1) Metaframe XP FR3 SP4, though problem also occurs via RDP Steps : - Log into Server A once as a user, then logoff - Reset password (from hyena, mmc, or user reset from a different server) - Log into Server A with new password - Account is (nearly) immediately locked out (5 retry limit in place) I've set the number of cached logins to 0 via GPO, enabled Kerberos logging (also tried maxpacketsize and max tokensize settings), alockout.dll which didn't tell me anything, and disabled UPHClean. Logs tells me nothing enlightening. I've eliminated login scripts or any drive mapping as the cause. The only "fixes" are to either reset the user's password to the old password or to reboot that terminal server (scheduled reboots weekly). We are currently in an AD domain, which has only made the problem worse (I can actually recreate the problem now). With a NT domain, the problem was more sporadic. As best I can figure, the terminal server is somehow caching the account's password. The domain obviously know the correct one, but the server itself doesn't seem to want to believe it. This is causing major headaches for me and way too many calls to the Help Desk. Short of calling Microsoft, I'm stumped. Anyone have any thoughts? Thanks, Tony