How to fix “User Must Change Password” error when connecting via RDP

Introduction

When you try to log on to an RDP session with a new username that was given to you (and with the correct credentials), you might encounter this error message:

This happens because the RDP client negotiates Network Level Authentication (NLA) with the server. NLA is performed before a remote desktop session has even been created, which means the forced password change cannot be performed during the first login while NLA is in use. To make the password change possible despite this, you must first temporarily disable network level authentication. The steps are as follows.

Step by step configuration guide

1. Click “Show more options” in the Remote Desktop Connection window. Then click “Save As...” to save the connection settings to a file. You can place the file anywhere on your device. For convenience, this tutorial places the file on the desktop.

2. Open the saved RDP file in Notepad. Add the following lines to the bottom of the file, then save the file.

username:s:Administrator
authentication level:i:2
enablecredsspsupport:i:0

3. Double-click the RDP file. Enter the name or IP address of the target machine you want to connect to.

Instead of the local Windows Security prompt you should see a Windows Logon screen on the remote computer (if not, continue reading):

4. If the account you log on with at this point has the “User must change password at next logon” option enabled, you get notified about that:

Clicking OK gives you the option to change the password.

After changing the password, you get confirmation about the change:

Clicking OK logs you in.

5. Delete the ChangePassword.rdp file, because disabling network level authentication lowers the security of RDP connections. For subsequent RDP connections, you will be able to log in normally.

Source: Changing the Windows password during first login – Hetzner Docs
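
For step 5, one way to check that no leftover connection file still has CredSSP switched off. This is an added example, not part of the original article or the Hetzner guide; the function names, the default scan root and the sample host name in the comments are assumptions for illustration. A file is flagged if any occurrence of the setting is 0, because no precedence between duplicate lines is assumed.

```python
import codecs
import sys
from pathlib import Path

def decode_rdp(raw: bytes) -> str:
    # Files saved by Remote Desktop Connection are commonly UTF-16 with a BOM;
    # an editor may re-save them as UTF-8, so both are handled.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig", errors="replace")
    return raw.decode("utf-8", errors="replace")

def parse_rdp(text: str):
    # Each setting is "name:type:value", e.g. "full address:s:host.example"
    # (constructed sample); the value may itself contain colons.
    settings = []
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings.append((parts[0].strip().lower(), parts[1], parts[2].strip()))
    return settings

def nla_disabled(raw: bytes) -> bool:
    # True if any line sets enablecredsspsupport to 0 (duplicates: any hit counts).
    return any(name == "enablecredsspsupport" and kind == "i" and value == "0"
               for name, kind, value in parse_rdp(decode_rdp(raw)))

def find_weakened(root):
    # Return every .rdp file under root that switches CredSSP off.
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() != ".rdp" or not path.is_file():
            continue
        try:
            if nla_disabled(path.read_bytes()):
                hits.append(path)
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)

if __name__ == "__main__":
    # Default scan root is the user's home directory (assumption).
    for hit in find_weakened(sys.argv[1] if len(sys.argv) > 1 else Path.home()):
        print(f"NLA disabled, delete after use: {hit}")
```

Run it with a folder path as the only argument to limit the scan to that folder.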

Conclusion

By following the steps outlined in this guide, you can resolve the “User must change password at next logon” error when connecting via RDP by temporarily disabling the Network Level Authentication feature of RDP. Note that you are advised to use a regular RDP session once the password has been changed, as disabling network level authentication lowers the security of the RDP connection.

For additional assistance or if you encounter any issues, please contact our support team at support@ipserverone.com.

Article posted on 23 April 2020 by Louis