-
Title
Local Windows account password has expired and is unable to login -
Description
When a user logs into an RDP session for a Windows server or workstation and the account used is a local account (not a domain account) and the password has expired the user will not be able to logon and will not be prompted to update their password.
The debug logs may present an error similar to this:
CSSP Packet contains NTSTATUS error code; error_code='C000006D'
CSSP Packet; version='6', tokens='0'
CSSP errorCode; value='0xC000006D'
Failed to mangle CredSSP packet;
Error parsing incoming data;The Windows workstation/server Security logs in Event Viewer may present an error similar to this:
Failure Information:Failure Reason: Unknown user name or bad password.Status: 0xC000006DSub Status: 0xC000006AThe user will receive a popup similar to below that states 'This computer can't connect to the remote computer.':
-
Cause
RDP does not allow the logging in of local accounts if the password has expired independent of SPS, so it is not possible to have this functionality using SPS.
If a local account with an expired password is used independent of SPS an error stating 'This user account's password has expired. The password must change in order to logon.':
The Security logs in the Event Viewer of the Windows workstation/server may present an error similar to this:
Failure Information:Failure Reason: The specified account's password has expired.Status: 0xC000006ESub Status: 0xC0000071 -
Resolution
Use an administrator account to reset the password of the expired account.
Physically log onto the workstation or log onto the console for a server and update the password.