ADFS 3.0 - "Your password has expired. Type your updated password and try again."

  • Question

  • I have a SharePoint DMZ with both a DC and another server running ADFS3 remote access - web application proxy. It's been working fine for a year but had issues last week; I think this is related to patching. Now if I set up a new AD user with the force password change checkbox, the ADFS login page says "Your password has expired. Type your updated password and try again." when they try to log in. But this is a lie. If I remove the "must change password" checkbox from their account they log in fine.

    Could this be related to KB3179574?


    • Edited by Todd.Wilder Tuesday, September 20, 2016 6:40 PM
    Tuesday, September 20, 2016 6:32 PM

Answers

  • Can you check whether it is the issue described here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/edfbdd51-1e5b-424f-83ea-a0437b1d66d3/password-change-no-longer-working-from-externally-after-windows-updates?forum=ADFS

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, September 25, 2016 2:55 AM

All replies

  • This is definitely due to KB3179574 - I reverted that off of my DC and now everything is back to normal
    Tuesday, September 20, 2016 6:42 PM
  • So, is it?

    Sunday, October 2, 2016 4:06 PM
  • I removed KB3179574 from a DC in question that was servicing ADFS and this resolved it for me. With update installed and user set to change password on next login, you get Password has expired. With the update removed, it prompts the user to change the password.

    I have not currently removed the update from every Domain controller in the enterprise. Hopefully this gets escalated.

    • Edited by Conagher L Tuesday, October 4, 2016 1:15 PM
    Tuesday, October 4, 2016 1:14 PM
  • Have you checked the link I suggested and made sure that Enabled on Proxy is checked once you have deployed the update?

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/edfbdd51-1e5b-424f-83ea-a0437b1d66d3/password-change-no-longer-working-from-externally-after-windows-updates?forum=ADFS

    Tuesday, October 4, 2016 2:52 PM
  • Hmm. I set this initially, but may have gone too fast in troubleshooting. On the DC where I removed the update, I reinstalled the update and ADFS is no longer presenting the message.

    I did have to restart all ADFS servers in the farm (restarting services wasn't enough), but with patch KB3179574 installed on domain controllers and the Enable on Proxy set for update password it is working now.



    • Edited by Conagher L Tuesday, October 4, 2016 3:43 PM
    Tuesday, October 4, 2016 3:42 PM
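
As an added example (not part of the thread and not Microsoft's own script), the PowerShell below checks the two conditions the replies above converge on: whether KB3179574 is installed on each domain controller, and whether the update password endpoint is enabled and published on the proxy. It assumes the ADFS and ActiveDirectory modules are available on the server where it runs; the variable names and the `$Fix` switch are illustrative.

```powershell
# Added example: read-only by default. Run on the primary AD FS server.
# Assumption: ADFS and ActiveDirectory (RSAT) modules are installed here.
Import-Module ADFS, ActiveDirectory

$Kb   = 'KB3179574'                      # update discussed in the thread
$Path = '/adfs/portal/updatepassword/'   # AD FS update password endpoint
$Fix  = $false                           # set to $true to publish the endpoint

# 1. Which domain controllers have the update installed?
#    Installed = False also covers a DC that could not be queried.
$dcReport = foreach ($dc in Get-ADDomainController -Filter *) {
    $hotfix = Get-HotFix -Id $Kb -ComputerName $dc.HostName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $dc.HostName
        Update           = $Kb
        Installed        = [bool]$hotfix
    }
}
$dcReport | Format-Table -AutoSize

# 2. Is the endpoint enabled, and is it published through the proxy?
$ep = Get-AdfsEndpoint -AddressPath $Path
$ep | Select-Object AddressPath, Enabled, Proxy | Format-Table -AutoSize

# 3. Flag the combination reported in the thread: update present on a DC,
#    but the update password endpoint not enabled on the proxy.
$patched = @($dcReport | Where-Object Installed).Count -gt 0
if ($patched -and -not ($ep.Enabled -and $ep.Proxy)) {
    Write-Warning "$Kb is on at least one DC but $Path is not enabled on the proxy."
    if ($Fix) {
        Enable-AdfsEndpoint -TargetAddressPath $Path
        Set-AdfsEndpoint -TargetAddressPath $Path -Proxy $true
        # The last reply reports that restarting services was not enough and
        # every AD FS server in the farm had to be restarted afterwards.
        Write-Warning 'Endpoint updated. Restart the AD FS servers in the farm.'
    }
}
```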