<p>One of our clients reported a problem with changing expired passwords through an RDP connection.</p>
<p>Some users are connecting to jump stations and they do not have any other access to local company resources.</p>
<p>Once the password for a domain account expires, those users have no way to change it through the RDP connection.</p>
<p>Users get the following error message:<br />
An authentication error has occurred. The Local Security Authority cannot be contacted.<br />
Remote computer:<br />
This could be due to an expired password.<br />
Please update your password if it has expired.<br />
For assistance, contact your administrator or technical support.</p>
<p><img class="alignnone wp-image-2685 size-full" title="passwords through RDP" src="https://www.wincert.net/wp-content/uploads/2018/08/rdp_nla_1.png" alt="passwords through RDP" width="406" height="207" /></p>
<p>To fix this, I had to lower the security on one of those jump stations, so users can change their password on that one jump station only. Users will also have to edit their <strong>.rdp</strong> file as described below. After that, they will be able to connect normally to the other jump stations they have access to.</p>
<ol>
<li>Open Remote Desktop Connection (<strong>mstsc.exe</strong>)</li>
<li>Under <strong>Show Options</strong> | <strong>Connection settings</strong> | Click <strong>Save as</strong> to save the <strong>*.rdp</strong> file</li>
<li>Right-click the <strong>.rdp</strong> file and edit it with <strong>Notepad</strong> or another text editor</li>
<li>Add the following line: <strong>enablecredsspsupport:i:0</strong></li>
<li>Save the file</li>
</ol>
<p><img class="alignnone size-full wp-image-2688" src="https://www.wincert.net/wp-content/uploads/2018/08/rdp_nla_3.png" alt="" width="289" height="151" /></p>
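<p>The edit from the steps above can also be scripted so that the weakened setting lives in a separate copy of the profile, used only for the password-change jump station. This Python code is an added example, not part of the original post; the sample profile, the host name and the function names are constructed for illustration.</p>

```python
import codecs

KEY = "enablecredsspsupport"  # setting name from the article

# Constructed sample profile; the host name is a placeholder.
SAMPLE = ("screen mode id:i:2\r\n"
          "full address:s:jump01.example.test:3389\r\n"
          "enablecredsspsupport:i:1\r\n")
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + SAMPLE.encode("utf-16-le")

def decode_rdp(raw):
    """Return (text, is_utf16); handles UTF-16 with a BOM and UTF-8/ASCII."""
    if raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return raw.decode("utf-16"), True
    return raw.decode("utf-8-sig"), False

def encode_rdp(text, is_utf16):
    """Write the text back in the encoding family the file came in."""
    if is_utf16:
        return codecs.BOM_UTF16_LE + text.encode("utf-16-le")
    return text.encode("utf-8")

def parse_settings(text):
    """Split name:type:value lines; the value may contain ':' (host:port)."""
    rows = (line.strip().split(":", 2) for line in text.splitlines())
    return [tuple(r) for r in rows if len(r) == 3]

def credssp_disabled(raw):
    """Audit helper: True if any line in the profile sets the key to 0."""
    text, _ = decode_rdp(raw)
    return any(n.lower() == KEY and v.strip() == "0"
               for n, _t, v in parse_settings(text))

def password_change_profile(raw):
    """Return a copy with exactly one 'enablecredsspsupport:i:0' line."""
    text, is_utf16 = decode_rdp(raw)
    kept = [l for l in text.splitlines()
            if l.strip().split(":", 1)[0].lower() != KEY]
    while kept and not kept[-1].strip():
        kept.pop()  # drop trailing blank lines before appending
    kept.append(KEY + ":i:0")
    return encode_rdp("\r\n".join(kept) + "\r\n", is_utf16)

if __name__ == "__main__":
    out = password_change_profile(SAMPLE_UTF16)
    print(decode_rdp(out)[0])
    print("original disables CredSSP:", credssp_disabled(SAMPLE_UTF16))
    print("copy disables CredSSP:", credssp_disabled(out))
```

<p>Running <code>credssp_disabled</code> over the other saved <strong>.rdp</strong> files shows whether the setting has spread beyond the one password-change profile.</p>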
<p>When you try to connect now, you might receive another error message:</p>
<p>The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support.</p>
<p><img class="alignnone wp-image-2687 size-full" title="passwords through RDP" src="https://www.wincert.net/wp-content/uploads/2018/08/rdp_nla_2.png" alt="passwords through RDP" width="557" height="133" /></p>
<p>Now, go to the destination <strong>server/jump station</strong> and do the following.</p>
<p>Open the <strong>local security editor</strong> (<strong>gpedit.msc</strong>) and browse to the following setting:</p>
<h6>Computer Configuration | Administrative Templates | Windows Components | Terminal Services | Terminal Server | Security</h6>
<p><em>Note: The path shown is for Windows Server 2008. On other Windows Server versions, it might be slightly different.</em></p>
<p>Change the <strong>Require user authentication for remote connections by using Network Level Authentication</strong> setting to <strong>Disabled</strong>. With Network Level Authentication off, the user authenticates at the server's logon screen after the session is created, which is where Windows can prompt for the password change.</p>
<p>Close the policy editor and try to connect again. Users should now be able to change expired passwords through an RDP connection.</p>
<p>Hope this helps.</p>