Wednesday, September 16, 2009

Users Unable to Change Expired Passwords on Windows Server 2008

In our environment, we have Citrix XenApp 5.0 publishing desktops from Windows Server 2008.  Our users connect to these published desktops via thin client or through the web interface.  We recently decided to put our password policy into effect, which included expiring user passwords once a month.

When the first user experienced the password expiration interface in Server 2008 after coming back to a locked workstation, they received the following message:
"The password for this account has expired. To change the password, click Cancel, click Switch User, and then log on."

However, there was no Cancel button to click on, and no apparent way for them to either change their password or log off and log on again to do so.  The only way we could get around this was for them to call the help desk; we'd manually reset their passwords in Active Directory, and then they could log in again using that new password.  An unacceptable solution in my opinion :)

So, I started to do some digging and found the following Microsoft KB article:
http://support.microsoft.com/kb/958900
which has an associated hotfix. We applied it, and users were able to happily go on changing their passwords when they expired.

But then, we noticed something else.  Users that had two monitors set up at their station were experiencing an interesting symptom now: When the Server 2008 login screen came up, the dialog was now centered in between the two monitors (instead of only being in the primary), and it only showed the left half of the dialog in the primary monitor.  The secondary monitor was just completely black.

Oddly enough, the solution was to upgrade to Server 2008 SP2.  The service pack includes the previously mentioned hotfix, but for some reason did not have the same effect on dual monitors that the hotfix alone had.

I spent several hours scouring the web for a solution and didn't find anything -- so hopefully this will help you!