We run a 2008 R2 remote desktop server. We require NLA (network level authentication).
My goal is to understand the following technical detail:
"Not possible to log on and change password when "User must change password at next logon" is enabled on the user account"
While I can reproduce this unwanted effect myself, I don't understand it. Can anyone wiser give details on what exactly NLA changes so that this pw-change prior to logon is made technically impossible?
Background: we would like to use RDP-SSO. That however requires NLA. And NLA "destroys" the ability to set up new users with the attribute "User must change password at next logon" if those users are only able to log on via RDP - they are simply rejected with the error "An authentication error has occurred. The local security authority cannot be contacted".