I recently came across an issue where a user tried to log into a Windows Server via Remote Desktop Connection but was unable to. The following error was displayed:
Searching through the server security logs, I came across the following error:
Log Name: Security
Date: 4/4/2013 11:10:10 AM
Event ID: 4625
Task Category: Logon
Keywords: Audit Failure
An account failed to log on.
Security ID: NULL SID
Account Name: –
Account Domain: –
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: test.me
Account Domain: demo
Failure Reason: The specified account’s password has expired.
Sub Status: 0x0
Based on the failure reason “The specified account’s password has expired“, I reset the user’s password and asked the user to try the login again but yet same message was still displayed even though the account was not locked.
I have seen few threads discussions on this issue and none of the suggestions worked. What I did discover is when I uncheck the option “User must change password at next logon“, then that seems to resolve the issue. When user finally logs in and logs out again and I check the option again “User must change password at next logon“, the issue appears again :(.
As repeatedly mentioned by Spas Kaloferov in this thread http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/514f973b-66f7-48ce-958b-ef598eb9d13a/, I decided to use another RDP tool and not Remote Desktop Connection to test. On testing using alternate RDP 3rd party tool, it took me to the server console screen and asked for the password to be change which wasn’t the case with RDP :(.
To fix this issue, there are two choices here:
– Remove the option “User must change password at next logon” which I would not suggest as this would mean you have access to user’s password.
– Check the option “User must change password at next logon” and get user to login using a 3rd party RDP tool.
Irrespective of the above options, there might be a bug on the RDP client end preventing the Security Authority from establishing proper communication with the Domain Controller hence not able to initiate the password change procedure.comments powered by Disqus