Cannot change passwords through RDP connection
One of our clients reported a problem with changing expired passwords through an RDP connection.
Some users connect to jump stations and have no other access to local company resources.
Once the password for a domain account expires, those users have no option to change it via the RDP connection.
Users get the following error message:
An authentication error has occurred. The Local Security Authority cannot be contacted.
Remote computer:
This could be due to an expired password.
Please update your password if it has expired.
For assistance, contact your administrator or technical support.
To fix this, I had to lower security on one of those jump stations, so users can change their password on that one jump station only. Users also have to edit the .rdp file as described below. After that, they will be able to connect normally to the other jump stations they have access to.
- Open Remote Desktop Connection (mstsc.exe)
- Click Show Options and, under Connection settings, click Save As to save the *.rdp file
- Right-click the .rdp file and open it in Notepad or another text editor
- Add the following line: enablecredsspsupport:i:0
- Save the file
When you try to connect now you might receive another error message:
The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.
Now, go to the destination server/jump station and do the following.
Open the Local Group Policy Editor (gpedit.msc) and browse to the following setting:
Computer Configuration | Administrative Templates | Windows Components | Terminal Services | Terminal Server | Security
Note: The path shown is for Windows Server 2008. On other Windows Server versions, it might be slightly different.
Change the "Require user authentication for remote connections by using Network Level Authentication" setting to Disabled.
Close the policy editor and try to connect again. Users should now be able to change expired passwords through an RDP connection.
Hope this helps.
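An added example, not part of the original post: because the workaround is meant to apply to one jump station only, this Python script audits .rdp files and flags any that disable CredSSP for a host other than the designated password-change station. The host names, the allowed_hosts set and the sample files are constructed assumptions.

```python
import codecs

def parse_rdp(raw: bytes) -> dict:
    """Parse .rdp bytes into {name: (type, value)}; names are lower-cased."""
    # mstsc.exe normally saves UTF-16 with a BOM; hand-edited copies are
    # often re-saved as UTF-8 or ANSI, so check for the BOM first.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        # Each setting is name:type:value; the value may itself contain colons.
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].lower()] = (parts[1].lower(), parts[2])
    return settings

def audit_rdp(raw: bytes, allowed_hosts: set) -> str:
    """Return 'ok', 'exception' or 'violation' for one .rdp file."""
    s = parse_rdp(raw)
    # CredSSP stays enabled unless the file explicitly sets the value to 0.
    if s.get("enablecredsspsupport", ("i", "1"))[1].strip() != "0":
        return "ok"
    host = s.get("full address", ("s", ""))[1].strip().lower()
    if host.count(":") == 1:          # strip a trailing :port (not IPv6)
        host = host.rsplit(":", 1)[0]
    return "exception" if host in allowed_hosts else "violation"

# Constructed sample files; host names are hypothetical.
SAMPLE_CHANGE = ("full address:s:jump-pw.example.test\r\n"
                 "enablecredsspsupport:i:0\r\n").encode("utf-16")
SAMPLE_OTHER = (b"full address:s:jump02.example.test:3389\r\n"
                b"enablecredsspsupport:i:0\r\n")
SAMPLE_DEFAULT = b"full address:s:jump02.example.test\r\nscreen mode id:i:2\r\n"

if __name__ == "__main__":
    allowed = {"jump-pw.example.test"}  # the one station with NLA disabled
    for name, raw in [("password-change", SAMPLE_CHANGE),
                      ("other station", SAMPLE_OTHER),
                      ("untouched", SAMPLE_DEFAULT)]:
        print(f"{name}: {audit_rdp(raw, allowed)}")
```

A "violation" means the file turns CredSSP off for a station that should still be reached with Network Level Authentication.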
Forget security, here's how you open it up to everyone.
Well, if you’re behind a firewall and your clients are connecting through a secure VPN, you have to give them an option to change their passwords through an RDP connection.