The backup of a domain controller in another domain fails with the following error:
Error creating backup: Failed to connect to backup agent: Cannot establish the connection to the backup agent. All backup operations has failed.
Cause 1: A domain GPO has been set up to removed "Password Never Expires" from all Domain User accounts. The service account has had this option removed from the account and the password is now considered to be expired. With full diagnostic logging turned on the error message shows as:
Logon failure: unknown user name or bad password. Access Denied.
Cause 2: The issue could be related to the way how Windows interprets logon names and how domains are resolved during authentication. UPN uses DNS-based resolution. DOMAIN\user uses NetBIOS name resolution, which means that when you log on from another domain, the NetBIOS domain name must be resolvable in that context. If it is not, Windows cannot determine which domain to query, and the logon fails.
Resolution 1: Log in as a Domain Admin to the domain where the service account resides and recheck the "Password Never Expires" option. There is no need to change the password at all. Once the option is selected and applied the account will function normally again. Ensure that the account will not be affected by the GPO in the future.
Resolution 2: Use the UPN format when configuring the account inside the Agent tab of Computer Collection properties: "user@domain.xxx", instead of the NetBIOS "domain\user".
