Workstations hang on "Change Password" after expired Password

active-directory windows-server-2012 windows-8 password-policy
5,559

We had this problem at a previous employer. It was an ACL on the routers between the DCs and the workstations. Make sure that all required ports are available, especially 464 (as Mathias R. Jessen pointed out). Here's a list of those ports.

Share:
5,559

Related videos on Youtube

SaintCore
Author by

SaintCore

Updated on September 18, 2022

Comments

  • SaintCore
    SaintCore over 1 year

    For one of our customers we have configered a maximum password age of 90 days. If those 90 days are over, the users are forced on logon to change their password. This worked fine for the past 9 months, but since today we have massiv problems.

    The user gets notificated that he have to change his password. After changing it Windows shows the notification "Password beeing changed" and that is where the Problem occurs. In the past Windows showed after that the small text "Password has been changed" and starts to logon the user(loading his profile and so on). But since today there happens nothing. The Workstations are just hanging with the message "Password being changed" and the password circle is rotating.

    If you turn off the workstation and logon again with the same User and the new Password, then you can logon. If you try to do this with the old password, you get an "Password and/or Username false" error. I was able to see this behavior on different workstations with different users. Because of that I suspect it is a network wide Problem.

    So the password will be changed, but there is a Problem existing. What I've checked so far:

    • EventViewer on the workstations (no errors/warnings)
    • EventViewer on all DCs (no errors/warnings)

    To be honest I have no idea why this is happening or were we should start searching the problem. Has anybody experienced something similar in the past ?

    Environment: Workstation OS: Windows 8 Server OS: Windows Server 2012 (DC's) Server OS: Windows Server 2008R2 (Member)

    Thanks

    • Mathias R. Jessen
      Mathias R. Jessen about 9 years
      Windows 7 and up uses the Kerberos Password Change service (kpasswd), accesible on port 464 on the Domain Controller - make sure that you don't have a firewall dropping traffic on that port in between
    • YuKYuK
      YuKYuK about 9 years
      Check ntp , check firewall , check windows files (chkdsk , scandisk etc) .

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I add a Microsoft account user to Windows Server 2012?
Why is JDK1.8.0u121 unable to find the kerberos default_tkt_enctypes types? (KrbException: no supported default etypes for default_tkt_enctypes)
Windows Server 2012 UAC issues
Login with Microsoft Account instead of Domain Account on Windows 8
Windows 2012 Domain Controller NETLOGON error
What is the difference between Windows 8 and Windows Server 2012?
Is it possible to 'Trust' a Remote Desktop connection on the same domain?
Is there any trick to join and use Windows 8/8.1 with Samba 4 (4.1.6)?
I can't reset an expired password because it is expired. What's next?
Active Directory setup with Profile Path and Home Folder