4

For one of our customers we have configured a maximum password age of 90 days. If those 90 days are over, the users are forced on logon to change their password. This worked fine for the past 9 months, but since today we have massive problems.

The user gets notified that he has to change his password. After changing it Windows shows the notification "Password being changed" and that is where the problem occurs. In the past Windows showed after that the small text "Password has been changed" and started to log on the user (loading his profile and so on). But since today nothing happens. The workstations are just hanging with the message "Password being changed" and the password circle is rotating.

If you turn off the workstation and log on again with the same user and the new password, then you can log on. If you try to do this with the old password, you get a "Password and/or Username false" error. I was able to see this behavior on different workstations with different users. Because of that I suspect it is a network-wide problem.

So the password will be changed, but there is a problem. What I've checked so far:

  • EventViewer on the workstations (no errors/warnings)
  • EventViewer on all DCs (no errors/warnings)

To be honest I have no idea why this is happening or where we should start searching for the problem. Has anybody experienced something similar in the past?

Environment:

  • Workstation OS: Windows 8
  • Server OS: Windows Server 2012 (DCs)
  • Server OS: Windows Server 2008 R2 (Member)

Thanks

SaintCore
  • 1
    Windows 7 and up uses the Kerberos Password Change service (`kpasswd`), accessible on port 464 on the Domain Controller - make sure that you don't have a firewall dropping traffic on that port in between – Mathias R. Jessen Feb 12 '15 at 11:57
  • 1
    Check NTP, check firewall, check Windows files (chkdsk, scandisk etc.). – YuKYuK Feb 12 '15 at 12:01

2 Answers

2

We had this problem at a previous employer. It was an ACL on the routers between the DCs and the workstations. Make sure that all required ports are available, especially 464 (as Mathias R. Jessen pointed out). Here's a list of those ports.

Katherine Villyard
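
One way to run the port check suggested in this answer from an affected workstation, as an added example that is not part of the original thread. The DC names are constructed placeholders, and the ports other than 464 are well-known AD ports chosen here as an assumption, not the list the answer links to.

```powershell
# Added example, not from the original thread. DC names are constructed placeholders.
$DomainControllers = 'dc01.example.local', 'dc02.example.local'

# 464 is the port named in this thread; the others are well-known AD ports
# included here as an assumption about what a logon/password change touches.
$Ports = @(
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 464; Service = 'Kerberos password change (kpasswd)' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer at all within the timeout: typical of a router ACL or
        # firewall silently dropping the SYN, which matches a client that hangs.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'Timeout' }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'Open'
    } catch {
        # An active refusal or a name-resolution failure ends up here.
        return 'Refused/Error'
    } finally {
        $client.Close()
    }
}

# Probe every port on every DC and collect one row per attempt.
$results = foreach ($dc in $DomainControllers) {
    foreach ($p in $Ports) {
        New-Object PSObject -Property @{
            DC = $dc; Port = $p.Port; Service = $p.Service
            Result = Test-TcpPort -ComputerName $dc -Port $p.Port
        }
    }
}
$results | Sort-Object DC, Port | Format-Table DC, Port, Service, Result -AutoSize
```

This probes TCP only; it does not test UDP 464. A `Timeout` on 464 for one DC but `Open` on another points at a filtering device on the path to that DC rather than at the service itself.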
0

First of all, sorry for my late feedback.

At the moment the problem does not exist anymore. I've just done a reboot of all DCs and since then it looks like the problem is "solved". I've had no report from a user in the last 10 days and there are at least 4 users who had to renew their password. If the problem occurs again I will post the solution here (if we can find one).

Cheers

Edit 21.05.2015: Since today the problem occurs again. I will edit my answer when we are able to solve it.

SaintCore