Changing Expired Password via RDS in Windows Server 2012

This article shows how the remote users can change their expired RDS password themselves through RDP-connection to the Remote Desktop Services (RDS) farm on Windows 2012/2012 R2.

Change Expired Password Using RDS

Windows Server 2012 R2 and Windows 8.1 are enabled using a default authentication mechanism known as NLA or Network Level Authentication that does not allow users with expired password to connect using RDP. When the password has expired, user will receive the following error message during RDP connection attempt:

An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote computer:xxxxxx
This could be due to an expired password
Please update your password if it has expired.

this could be due to an expired password

Thus, by using NLA, the problem of replacing the expired password via RDP can become almost unsolvable puzzle for remote users who do not have other ways to connect the network. Of course, you can certainly ask advance users to change their password directly in the RDP session; however, it does not always work because of the forgetfulness of the unit members.

Windows 2012 / R2 has a new option, that allows remote users to change their current or expired password by using the special web page on RD Web Access server. The process of changing the password would be: user signs in to the registration web page on the server with the RD Web Access role, and then can change his password using a special form.

READ ALSO  Remote control in Configuration Manager 2012

Functional remote password change is available on the server with Remote Desktop Web Access role, but by default this feature is not enabled.

password.aspx is used to change the password. You can find it here: C:\Windows\Web\RDWeb\Pages\en-US.

To activate password change function, you need to open IIS (IIS Manager) on the server with RD Web Access role, then go to [Server Name] > Sites > Default Web Site > RDWeb > Pages and finally open Application Settings.

remote computer this could be due to an expired password

At the right pane, search for PasswordChangeEnabled parameter and change its value to true.

the local security authority cannot be contacted this could be due to an expired password

To test the the password change mechanism, go to the Web page:
https: // [RD-WEB-1] /RDWeb/Pages/en-US/password.aspx

kb2648402

Now when user with expired password will attempt to connect to RD Web Access server, he will be redirected to password.aspx page, where he can change his password.

the local security authority cannot be contacted expired password

Note: After installing KB 2648402 special patch, you can get a similar functionality in Windows Server 2008 R2.

You can add a link to password change form directly into the registration form on the RDWeb server. This will allow users to change their password on their own at any time (users don`t have to wait until their password expires).

Let`s add a link to password.aspx on the login page.

Locate and open this file on the RDWeb server using any text editor:
C:\Windows\Web\RDWeb\Pages\en-US\login.aspx

Go to the 538 line and then insert the following code:

READ ALSO  How to Backup WSUS Database?

<a href=”https://[RD-WEB-1]/RDWeb/Pages/en-US/password.aspx”> Password Reset Utility</a>

change expired password rdp

Save login.aspx, restart the IIS website, and then check that the link to the password change page appeared at the terminal server registration page.

Cyril Kardashevsky
Latest posts by Cyril Kardashevsky (see all)

One comment

  1. Thank you so much, this just got me out of a sticky situation. I was unable to RDP to our server on another site as the password had expired!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.