Cross-forest PCNS issues

Hi,

We have 2 forests, ForestA and ForestB.

FIM is deployed in ForestA.

FIM is synchronising users from ForestB (via ForestB MA) to ForestA (via ForestA MA).

ForestA and ForestB are connected via a 2 way Kerberos Trust.

All firewalls have been disabled between the virtual machines.

In ForestB we have deployed PCNS and ran the following command: pcnscfg ADDTARGET /N:FIMServer /A:FIM01.forestA.com /S:PCNSCLNT:FIM01.forestA.com /FI:"Domain Users" /f:3

In ForestA we have registered the SPN as: setspn -A PCNSCLNT/FIM01.forestA.com ForestA\FIMSyncService

FIM is importing users from ForestB and successfully provisioning them in ForestA.

FIM is configured as follows:

• FIM/Tools/Options/ Enable Password Synchronization is selected
• ForestB MA is configured as the Password Synchronization source / with ForestA selected as the Target MA
• ForestA MA / Configure Extensions / Enable Password Management is enabled

However, when a user changes their password in ForestB, event viewer on ForestB domain controller errors with:

Password Change Notification Service received an RPC exception attempting to deliver a notification.

The password change notification target could not be authenticated.

Additional Details:
 
Thread ID: 4300
Tracking ID: ad7d5acb-74ca-448e-9496-a4944260b955
User GUID: b6d8f3f9-d115-4331-816a-8af98683beda
User: FORESTB\test1
Target: FIMServer
Delivery Attempts: 460
Queued Notifications: 1
0x00000721 - A security package specific error occurred.
 
ProcessID is 2100
System Time is: 4/7/2014 5:58:46:284
Generating component is 2
Status is 1825 - A security package specific error occurred.
Detection location is 1710
Flags is 0
NumberOfParameters is 1
Long val: 0

ProcessID is 2100
System Time is: 4/7/2014 5:58:46:284
Generating component is 2
Status is 1825 - A security package specific error occurred.
Detection location is 1461
Flags is 0
NumberOfParameters is 0

ProcessID is 2100
System Time is: 4/7/2014 5:58:46:284
Generating component is 2
Status is 1825 - A security package specific error occurred.
Detection location is 141
Flags is 0
NumberOfParameters is 1
Long val: -1073741413

ProcessID is 2100
System Time is: 4/7/2014 5:58:46:284
Generating component is 3
Status is -1073741413
Detection location is 140
Flags is 0
NumberOfParameters is 4
Long val: 16
Long val: 6
Unicode string: PCNSCLNT/FIM01.FORESTA.COM
Long val: 68126

Any ideas?