I got the following message trying to RDP to a Windows Server 2012 R2. However I can't get a prompt or anything to change the password. Is this due to NLA (network-level authentication) or could it be something else?
This user account's password has expired. The password must change in order to logon. Please update the password or contact your system administrator or technical support.
I was able to get the password changed after I added this row:
enablecredsspsupport:i:0
temporarily to my default.rdp file c:\users\[username]\documents. This changed the situation so that the authentication happened in server side, and the the server was able to show the dialog for giving the new password.
I do not believe mismatched NLA would affect an RDP connection in this way. I've only seen that effect when trying to authenticate shares and the like.
Are you getting the error once you're at the logon screen on the remote server, or from the RDP credentials dialog on your local screen?
One possible reason could be that the account is configured not to allow the user to change their own password. I've seen this configuration several times in environments where smart cards logins are only partially implemented. Users are configured to allow smart card authentication, but not require it. So, there is a password associated with the account, but the user has no knowledge of (or control over in some cases) the password - which may or may not have been reset as a part of the smart card implementation.
I had this error message pop up while using a Microsoft account to RDP into the remote computer. The issue was that the local account associated the Microsoft login, in the target computer, had "User must change password at next login". I logged in into it and switched this local account property to "Password never expires", as I always log in into that computer using a Microsoft account. I was finally able to connect.
