Wednesday, November 14, 2012 5:38 PM
We have two problem machines running Windows 7 SP1, logging into our domain running 2008 R2. We are set to have users create new passwords every 60 days. When their passwords expire, the users of these two machines get the message that they have to change their passwords when they log in. If they click OK to change the password, they are returned to the logon screen. If we reset their passwords on the domain controller, checking that they have to change the password at the next logon, they can log on, get the message that they must change their password, and instead of going to the password change screen, are sent back to the standard logon screen. Thus they are caught in a loop, and never can actually log on.
In their AD user profile, the users are allowed to change their password.
We can get them on by resetting the password on the domain controller and deselecting "must change password at next logon", but that will only hold us until the next password expiration.
Wednesday, November 14, 2012 7:02 PM
Change the password before it expires.
Reset the user account once the expiration time has passed.
Consider changing the GPO to cover this problem. Give the GPO TechNet forum a try.
- Marked As Answer by Alex ZhaozxMicrosoft Contingent Staff, Moderator Friday, November 23, 2012 6:42 AM
Wednesday, November 14, 2012 7:36 PM
This seems to be a workstation-specific problem.
Run "ipconfig /all".
Make sure that the DNS server is correct.
The DNS server should be able to direct you to a correct DC for the password change.
Also make sure that the user is not being logged on with a "temp" profile.
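
The checks suggested in the reply above, gathered into one script as an added example (not posted by anyone in this thread). It assumes an elevated PowerShell 2.0 session on the affected, domain-joined workstation and that `nltest.exe` is present there; the `.bak` key and `TEMP` path tests are the usual signs of a temporary profile, not something the thread specifies.

```powershell
# Added diagnostic sketch: DNS, DC location and temp-profile checks for one workstation.
# Assumption: run from an elevated prompt on the domain-joined Windows 7 machine.
$domain = (Get-WmiObject Win32_ComputerSystem).Domain
Write-Host "Joined domain: $domain"

# 1. DNS servers configured on each IP-enabled adapter (same data as "ipconfig /all").
#    These should be the internal DNS servers that host the AD zone, not an ISP or router.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description,
        @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize

# 2. Can the configured DNS servers return the domain controller SRV records?
#    A failure here means the client cannot find a DC to send the password change to.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain"

# 3. Which DC does the locator actually select for this workstation?
#    Assumption: nltest.exe is available on this machine.
nltest "/dsgetdc:$domain"

# 4. Temporary-profile indicators in the ProfileList registry key:
#    a SID key ending in ".bak", or a profile path pointing at C:\Users\TEMP*.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$suspect = Get-ChildItem $profileList | ForEach-Object {
    $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if ($_.PSChildName -like '*.bak' -or $path -match '\\Users\\TEMP(\.|$)') {
        New-Object PSObject -Property @{
            SidKey      = $_.PSChildName
            ProfilePath = $path
        }
    }
}

if ($suspect) {
    Write-Host "Possible temporary or damaged profile entries:"
    $suspect | Format-Table SidKey, ProfilePath -AutoSize
} else {
    Write-Host "No .bak or TEMP profile entries found in ProfileList."
}
```

Comparing the output with the same script run on a workstation that changes passwords normally shows quickly whether the DNS servers or the selected DC differ.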