Forum Discussion

Slawek82's avatar
Slawek82
Copper Contributor
Apr 04, 2022

Password Change Logon Loop Windows serwer 2019 KB5011551

I have a problem users passwords expire or I manual reset them with "User must change password" box checked. Every time they enter a new password it tells them to do it again in an endless loop. All...
Serwer2019
MysticFoxDE's avatar
MysticFoxDE
Brass Contributor
Apr 19, 2022

Hi Slawek,
the current April patch did not help me with the 2022 DC, because even an hour after installing the patch and of course also rebooting the clients and the server, a normal user was still unable to change a password.
It only worked again after I adjusted the "Minimum password age" in the GPO.

This Microsoft botch is getting worse by the day. 😡

Best Regards from Germany
Alex

P.S. Pernille-Eskebo Quality Assurance
Are you testing anything at all or are you perhaps still in hibernation mode?

Daniel Petersson's avatar
Daniel Petersson
Copper Contributor
Apr 20, 2022

Hi MysticFoxDE,

 

I have brand new DC's with WS 2022 and am now experiencing the exact same issue as you. I've tried to apply the workaround you supplied with the GPO setting "Minimum password age" set to 0 (zero), unfortunately without any positive result.

 

Do you have any tips?

 

Greetings from Sweden!

//Daniel

  • MysticFoxDE's avatar
    MysticFoxDE
    Brass Contributor
    Apr 21, 2022
    Hi Daniel,

    one small addition.
    I had problems with Kerberos on the 2022, which I was able to mitigate somewhat by setting the registry key described in the following article.

    https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

    PacRequestorEnforcement is currently set to 1 for me, but I've also experimented with 0 and 2 in the meantime.

    Best Regards from Germany
    Alex
    • Daniel Petersson's avatar
      Daniel Petersson
      Copper Contributor
      Apr 21, 2022

      Hi MysticFoxDE,

       

      Problem solved!!! :stareyes:

       

      First, I thought that my servers were patched. When downloading KB5012604 from Microsoft Update Catalog trying to manually update the servers, I was prompted that the KB was already installed (hence my original post). However, when running Windows Update from Microsoft on my servers this morning, they downloaded and installed the KB5012604. After a reboot, my test-user was able to change password when password was expired.

       

      Hopefully, this will also apply on WS 2019.

       

      Cheers!

       

      //Daniel

  • MysticFoxDE's avatar
    MysticFoxDE
    Brass Contributor
    Apr 21, 2022
    Hi Daniel,
    have you already installed the April patch on your server 2022?
    I first installed all currently available updates on the affected system and only then adjusted the GPO.

    In addition, of course, I also adjusted other things on the servers so that the event viewer no longer spits out errors. It may also be that one of these changes plays a role.

    However, I would not like to go through everything possible without knowing your surroundings and the error pattern more precisely.

    Please make sure first that you have installed all the latest updates.

    Best Regards from Germany
    Alex

Resources