How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

Posted by NReilingh on Server Fault See other posts from Server Fault or by NReilingh
Published on 2014-06-13T02:32:09Z Indexed on 2014/06/13 3:27 UTC
Read the original article Hit count: 555

We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window.

The only two role services installed on this server is the RD Session Host and Licensing.

User properties window

When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid:

Error has occurred

On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Related posts about remote-desktop-services