Hi all,

We made the DSFW installation last week and we have some issues with users password.
Users can not login to the DSFW domain, in order to do it, they must do a first login with Novell client (after that, they are able to login to DSFW domain).
DSFW is installed on a flat tree (flat tree is synchronized with corp tree by IDM).
I installed diagpwd on both trees and I observed the following:
On the flat tree, "Last Changed Date" had old values (Ej. 2014-10-07 11:49:45) and Password Status show the message "UP older than NDS". When some user makes a login to the flat tree with Novell client, the value for "Last Changed Date" is update, but the message "UP older than NDS" continues.
Other issue is that when a user change his password (userapp portal connected to corp tree), the password for DSFW user is not changed.
I am really confused with this behavior..I copy an example for a user which can not log to DSFW Domain:

Flat tree:

Object DN: cn=OALARCON,ou=Users,o=MG
EMail: OALARCON@metrogas.com.ar
Last Changed Date: 2014-10-07 11:49:45 Z
Password Status: Enabled, Set, UP older than NDS, UP != Simple, UP != NDS
Distribution Password Status: Set
Simple Password Status: Not set
Password Policy DN: cn=eDirectoryPass,cn=Password Policies,cn=Security

Corp tree:

Object DN: cn=OALARCON,ou=ADMF,ou=MAGA,ou=CENTRAL,o=MG
EMail: OALARCON@metrogas.com.ar
Last Changed Date: 2015-05-29 17:33:36 Z
Password Status: Enabled, Set, UP != Simple
Distribution Password Status: Set
Simple Password Status: Not set
Password Policy DN: cn=UPPolicy,cn=Password Policies,cn=Security

Finally, our UP policy has the value "true" on the option "Synchronize Distribution Password when setting Universal Password".

Any ideas.
Thanks in advance!
Cristian