As such, profile redirection isn't occuring which is causing a whole host of other issues. Windows could not authenticate to the Active Directory service on a domain controller. Look in the details tab for error code and description.
A quick look in the system error logs shows me kerberos errors all over the place...
I was defining in the Controller Policy as you said but looked in Domain Policy and was not defined in there, I defined it so it matched the Controller Policy and the commanded gpupdate /force on the server and the Password can now be set without the complexity.
So just gotta get the other GPs to update, tried updating on the clients anyway but didnot work The Default Domain Controller Policy only affects Domain Controllers, it won't affect any other systems. I can change the Folder Option item for example, then run gpupdate /force on the client, and it takes effect immediately, or log off the client and log back on. Using just the the GPO took effect but had to logoff user gpupdate /force didnt work, but this included the administrator and the managers user account.
I have an issue relating to GPO and existing user profiles.