Hello,
Thank you for posting in the Q&A forum.
Per your description:
- Cannot update the password from the client to the DC when the password is expired
- Cannot change the password from the client to the DC at first logon
By my understanding, the issue is not with the password policy. It is that the client cannot update the password to the domain controller. And in your environment, the client can receive the info from the DC to know that their password is expired but cannot update to the DC.
So I suggest you try using ping to test the connection. The update action should use port 135, so you can also use telnet to test. Commands as below:
ping <target IP>
telnet <target IP> <port>
Hope the answer is helpful
Best regards
Yanhong Liu