Domain – 2008 R2 RDS, keeps saying user must change password at first logon

Tags: active-directory, domain, password-reset, remote-desktop-services, windows-server-2008-r2

We have a 2003 domain with two 2003 domain controllers on 2008 R2 functional level.

Over the past week, when a user's password expires, they attempt to change it when logging into a 2008 R2 remote desktop server. They get the normal message saying that their password needs to be changed:

After pressing ok, they are taken to the password change screen:

After entering a new password (which meets all of our password policy requirements), they simply receive the same message again, stating that they must change their password before logging in for the first time.

I don't think this is NLA, as the machine I am connecting from supports NLA, and the users' client device has not changed.

When logging in to a 2003 server, I receive the prompt and am able to reset my password successfully.

If I do not set the user to require a password change on next logon, they are able to log on and reset their password successfully through CTRL+ALT+DEL.

Does anyone have any idea what would have caused this behaviour?

Best Answer

In case anyone stumbles into this question, the answer lies here: https://community.spiceworks.com/topic/1560739-kb3149090-causing-password-reset-loop

Basically, there are updates that seem to affect mixed domain setups. In our case, we have 2003 DCs, so we had to remove the applicable updates to fix the issue.

I won't list them, as the Spiceworks page is constantly updated with superseding updates, so that's the best place to check.
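As an added example (not part of the question or the accepted answer), the following PowerShell checks the two things this thread turns on: whether the RDS host has the update named in the linked Spiceworks URL installed, and whether the affected account still carries the "must change password at next logon" flag (pwdLastSet equal to 0). The user name is a constructed sample, and the KB list contains only KB3149090 because that is the only identifier the thread gives; any further KBs must be taken from the Spiceworks page. It assumes the RSAT ActiveDirectory module is present on the host where it runs.

```powershell
# Added example, not code from the original post. Assumptions: RSAT ActiveDirectory
# module installed; $UserName is a constructed sample; $SuspectKBs holds only the KB
# visible in the thread's link (add others from the Spiceworks page yourself).
param(
    [string]$UserName   = 'jdoe',            # constructed sample account
    [string[]]$SuspectKBs = @('KB3149090'),  # from the linked Spiceworks URL
    [switch]$RemoveUpdates                   # opt in to the removal step from the answer
)

Import-Module ActiveDirectory

# 1. Which of the suspect updates are present on this RDS host?
$installed = Get-HotFix | Where-Object { $SuspectKBs -contains $_.HotFixID }
if ($installed) {
    "Suspect updates installed on $env:COMPUTERNAME:"
    $installed | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize
} else {
    "None of the suspect updates ($($SuspectKBs -join ', ')) are installed here."
}

# 2. Is the account flagged to change its password at next logon?
#    pwdLastSet = 0 is how the directory stores that flag.
$u = Get-ADUser -Identity $UserName -Properties pwdLastSet, PasswordExpired, PasswordLastSet
[pscustomobject]@{
    User                    = $u.SamAccountName
    MustChangeAtNextLogon   = ($u.pwdLastSet -eq 0)
    PasswordExpired         = $u.PasswordExpired
    PasswordLastSet         = $u.PasswordLastSet
}

# 3. Workaround the question describes: clearing the flag lets the user log on
#    to the RDS host and change the password via CTRL+ALT+DEL instead.
#    Uncomment to apply it to the sample account:
# Set-ADUser -Identity $UserName -ChangePasswordAtLogon $false

# 4. Fix from the accepted answer: remove the applicable updates. Only runs when
#    -RemoveUpdates is given, and only for KBs actually found installed above.
if ($RemoveUpdates -and $installed) {
    foreach ($kb in $installed.HotFixID) {
        $num = $kb -replace '^KB', ''
        "Removing $kb ..."
        Start-Process -FilePath 'wusa.exe' -ArgumentList "/uninstall /kb:$num /quiet /norestart" -Wait
    }
    "Reboot the host to complete removal, then retest the password change at logon."
}
```

Run it first without -RemoveUpdates to see which suspect KBs are present and whether the account's flag is set; re-run with -RemoveUpdates only after confirming the KB list against the Spiceworks page, since the answer notes that list keeps changing as superseding updates appear.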