RDS remote password change

Changing expired password via RDS in Windows Server 2012

This article shows how the remote users can change their expired RDS password themselves through RDP-connection to the Remote Desktop Services (RDS) farm on Windows 2012/2012 R2.

Change expired password using RDS

Windows Server 2012 R2 and Windows 8.1 are enabled using a default authentication mechanism known as NLA or Network Level Authentication that does not allow users with expired password to connect using RDP. When the password has expired, user will receive the following error message during RDP connection attempt:

An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote computer:xxxxxx
This could be due to an expired password
Please update your password if it has expired.

authentication error

Thus, by using NLA, the problem of replacing the expired password via RDP can become almost unsolvable puzzle for remote users who do not have other ways to connect the network. Of course, you can certainly ask advance users to change their password directly in the RDP session; however, it does not always work because of the forgetfulness of the unit members.

Windows 2012 / R2 has a new option, that allows remote users to change their current or expired password by using the special web page on RD Web Access server. The process of changing the password would be: user signs in to the registration web page on the server with the RD Web Access role, and then can change his password using a special form.

Functional remote password change is available on the server with Remote Desktop Web Access role, but by default this feature is not enabled.

password.aspx is used to change the password. You can find it here: C:\Windows\Web\RDWeb\Pages\en-US.

To activate password change function, you need to open IIS (IIS Manager) on the server with RD Web Access role, then go to [Server Name] -> Sites -> Default Web Site -> RDWeb -> Pages and finally open Application Settings.

Application Settings

At the right pane, search for PasswordChangeEnabled parameter and change its value to true.

Application Settings

To test the the password change mechanism, go to the Web page:
https: // [RD-WEB-1] /RDWeb/Pages/en-US/password.aspx

Work resources

Now when user with expired password will attempt to connect to RD Web Access server, he will be redirected to password.aspx page, where he can change his password.

password RDS

Note: After installing KB 2648402 special patch, you can get a similar functionality in Windows Server 2008 R2.

You can add a link to password change form directly into the registration form on the RDWeb server. This will allow users to change their password on their own at any time (users don`t have to wait until their password expires).

Let`s add a link to password.aspx on the login page.

Locate and open this file on the RDWeb server using any text editor:

Go to the 538 line and then insert the following code:

<a href=”https://[RD-WEB-1]/RDWeb/Pages/en-US/password.aspx”> Password Reset Utility</a>

Password Reset Utility

Save login.aspx, restart the IIS website, and then check that the link to the password change page appeared at the terminal server registration page.

You may also like:

Destination Path Too Long Fix (when Moving/Copying... If you are receiving an error Destination Path Too Long when trying to copy or move a file to a folder, try the quick trick below. The reason you are ...
How to Solve the Windows Update Error 80072ee2? In this article, we will guide you through the most complete guide for solving the Windows update error 80072ee2. Windows errors are notoriously di...
How to Fix The User Profile Service Failed the Sig... Sometimes, when you log on into Windows 10 after entering the username and password, you may see an error The User Profile Service failed the sign-in....
RDP error: This computer can’t connect to the remo... Let’s try to figure out how to fix an RDP connection error This computer can’t connect to the remote computer, which occurs when you are trying to con...
Recover SA Password on Microsoft SQL Server 2012 If you want to connect to Microsoft SQL Server, but the SA password is successfully forgotten and there is no user with the SQL Administrator rights —...
  1. Posted by PAT Testing Southampton

Add Your Comment