RDP Connection to a Windows Server: "This user account's password has expired." but no prompt to change it

7

4

I got the following message trying to RDP to a Windows Server 2012 R2. However, I can't get a prompt or anything to change the password. Is this due to NLA (network-level authentication) or could it be something else?

This user account's password has expired. The password must change in order to logon. Please update the password or contact your system administrator or technical support.

RDP

Ogglas

Posted 2016-09-29T20:14:38.800

Reputation: 920

Are you the system administrator or technical support? – Xavierjazz – 2016-09-29T20:16:47.720

No, but I would still like to know what setting/configuration causes this. @Xavierjazz – Ogglas – 2016-09-29T21:17:43.140

Answers

10

I was able to get the password changed after I added this row:

enablecredsspsupport:i:0

temporarily to my default.rdp file in c:\users\[username]\documents. This changed the situation so that the authentication happened on the server side, and the server was able to show the dialog for giving the new password.

James Z

Posted 2016-09-29T20:14:38.800

Reputation: 291

Does not seem to work with Server 2k12 R2. – JustAGuy – 2019-03-03T19:29:11.830

Server. Client being Win10. – JustAGuy – 2019-03-04T15:06:18.707

Did you get an error saying something like remote computer requires network level authentication which your computer does not support? – James Z – 2019-03-05T13:26:53.130

I actually did. – JustAGuy – 2019-03-05T13:31:12.180

Had a chance to test this only really quickly, but it looks like that "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" link on the server side prevents this. Not really my area of expertise, so there might be something else related to this too. – James Z – 2019-03-05T17:35:04.863

Thank you so much! You really saved me there – Asaf – 2019-08-11T06:46:18.130
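
One way to apply the setting from this answer for a single session without editing Default.rdp, as an added PowerShell example that is not part of the original answer: it writes a temporary copy of the file with enablecredsspsupport:i:0, starts mstsc.exe with it, and deletes the copy when the session window closes. The $Server parameter and the temporary file name are assumptions; as the comments above note, a server that only allows connections with Network Level Authentication will still refuse the connection.

```powershell
# Added example: one-off RDP session with CredSSP/NLA disabled on the client,
# leaving Default.rdp itself unchanged.
param(
    [Parameter(Mandatory = $true)]
    [string]$Server   # host name of the RDP server (assumed, supplied by the caller)
)

$documents  = [Environment]::GetFolderPath('MyDocuments')
$defaultRdp = Join-Path $documents 'Default.rdp'
# Hypothetical temporary file name; a GUID keeps parallel runs from colliding.
$tempRdp    = Join-Path $env:TEMP ("pwchange-{0}.rdp" -f [guid]::NewGuid())

# Start from the saved defaults if present (Default.rdp is a hidden file),
# dropping any existing CredSSP or address lines so ours are the only ones.
$lines = @()
if ([System.IO.File]::Exists($defaultRdp)) {
    $lines = @(Get-Content -LiteralPath $defaultRdp -Force |
        Where-Object { $_ -notmatch '^\s*(enablecredsspsupport|full address):' })
}
$lines += "full address:s:$Server"
$lines += 'enablecredsspsupport:i:0'   # the setting from the answer above

try {
    # Write the copy as UTF-16 LE, the encoding mstsc uses for saved .rdp files.
    Set-Content -LiteralPath $tempRdp -Value $lines -Encoding Unicode
    # Block until the session window is closed, then clean up.
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$tempRdp`"" -Wait
}
finally {
    # Remove the weakened copy so later connections use CredSSP again.
    Remove-Item -LiteralPath $tempRdp -ErrorAction SilentlyContinue
}
```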

0

I do not believe mismatched NLA would affect an RDP connection in this way. I've only seen that effect when trying to authenticate shares and the like.

Are you getting the error once you're at the logon screen on the remote server, or from the RDP credentials dialog on your local screen?

One possible reason could be that the account is configured not to allow the user to change their own password. I've seen this configuration several times in environments where smart card logins are only partially implemented. Users are configured to allow smart card authentication, but not require it. So, there is a password associated with the account, but the user has no knowledge of (or control over in some cases) the password - which may or may not have been reset as a part of the smart card implementation.

David Woodward

Posted 2016-09-29T20:14:38.800

Reputation: 1 094

A little bit late, but I just got this error when trying to log in using RDP to a server in a different domain, and this happens on the local screen. – James Z – 2017-03-30T09:20:37.200

Are you providing a password on the local RDP connection screen before you get to the remote server's login screen? If so, the error is likely still about the account in the domain for the remote server or local account on the remote server. In that case you can try not providing a password on the local RDP screen before making the connection and then provide the user name and password on the remote server's login screen (if security configuration allows it). Then you might be allowed to change the password on the remote server's login screen. – David Woodward – 2017-03-31T01:18:30.687