it's weird but I can't change the password of a domain user when I'm logged on a domain pc with Windows 8.
I'm sure that the password mets the requirements (I also tested here https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx ), in fact if I change it from a domain controller I can do it without any problem.
But if I try to set the same on Win 8 I can't, the system tell me that the password doesn't meet the minimum requirements.
I also examined the event viewer but seems that the system didn't record any event related to.
Some suggestion about to solve it?
You can get similar symptoms if the domain password policy has "Minimum password age" set. This setting is measured in days, meaning you can set password once every 'x' days. For example if it is set to 1, you can change password once a day.
And, technically speaking, you don't "change" the password on DC, but you "reset" it. The difference is:
Changing password - The end user supplies the old password and then the new one.
Resetting password - The admin resets password without knowing the old one.
- Proposed as answer by Sathish_IT 19 hours 37 minutes ago
- Unproposed as answer by Sathish_IT 19 hours 37 minutes ago
You can get similar symptoms if the domain password policy has "Minimum password age" set. This setting is measured in days, meaning you can set password once every 'x' days. For example if it is set to 1, you can change password once a day.
And, technically speaking, you don't "change" the password on DC, but you "reset" it. The difference is:
Changing password - The end user supplies the old password and then the new one.
Resetting password - The admin resets password without knowing the old one.
- Proposed as answer by Sathish_IT Sunday, August 02, 2015 11:47 AM
- Unproposed as answer by Sathish_IT Sunday, August 02, 2015 11:48 AM
You can get similar symptoms if the domain password policy has "Minimum password age" set. This setting is measured in days, meaning you can set password once every 'x' days. For example if it is set to 1, you can change password once a day.
And, technically speaking, you don't "change" the password on DC, but you "reset" it. The difference is:
Changing password - The end user supplies the old password and then the new one.
Resetting password - The admin resets password without knowing the old one.
Hi,
Sorry for the late reply.
For the issue, I suggest you check the password requirement on the DC.
The password strength is determined by the DC.
Because this is a Domain environment, I suggest you check your DC policy firstly.
Hope this helps.
Regards,
thank you for suggestion, I already checked the policy on DC, I need that my password respects the default requirements (8 chars, letters and symbols, etc...).
The strange is that changing the password of the same user works well in all machine that are not Win 8, while doesn't work setting the same password in Win 8
ok thank you, and so?
It's a bug of win 8, or can I do something to solve the problem?
I manage an active directory network with more than 300 clients, I can't say to people to go on another machine when their password is expired!
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
- Proposed as answer by Michael.David Thursday, December 19, 2013 10:15 AM
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
- Proposed as answer by Michael.David Thursday, December 19, 2013 10:15 AM
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
- Proposed as answer by Michael.David Thursday, December 19, 2013 10:15 AM
Goes beyond this. If the user gets prompted that the password has expired and enters the old and then ne password, Windows 8 keeps coming back with the password expired and must be changed. On any other machine without Windows 8, it works fine from that p
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
Can anyone else confirm that this issue indeed exists in a "2008" domain as well? We've gotten a few reports by Win8 users with expired passwords in our "2003" domain.
We also having the same problem. but our environment is WIN 2008 Mixed mode. we are getting the error that the database of this computer is not present. Do anyone can suggest a solution for it.
Yes. confirmed in our domain with 2008 R2 level.
We have this problem into Windows 8 and 8.1 client machines.
We have the same issue. We tried to pull out the patch 2883201 out of the windows 8 machine, rebooted and it did not resolve the issue.
Reading the header on the patch "Windows RT, Windows 8, and Windows Server 2012 update rollup: October 2013" I wonder if they skipped all the other servers.
I am also having this problem with Windows 8 and 8.1 clients (connected to sbs2003 primarcy domain controller) and the problem occurs under 2 conditions:
- Domain Password has expired and the user is prompted to change the password.
- Occurs when the domain admin forces to 'Change Password on Next Logon'.
Users are able to change password using Ctrl+Alt+Del without any issue.
I haven't found any solution to this issue but am searching for an answer as well? I will try to remove the update (KB2883201) identified above to see if it makes a resolves this with my 8 users, and if there is a update to remove that will fix it for 8.1 I would really like to know.
I am also having this problem with Windows 8 and 8.1 clients (connected to sbs2003 primarcy domain controller) and the problem occurs under 2 conditions:
- Domain Password has expired and the user is prompted to change the password.
- Occurs when the domain admin forces to 'Change Password on Next Logon'.
Users are able to change password using Ctrl+Alt+Del without any issue.
I haven't found any solution to this issue but am searching for an answer as well? I will try to remove the update (KB2883201) identified above to see if it makes a resolves this with my 8 users, and if there is a update to remove that will fix it for 8.1 I would really like to know.
Just confirming that using Ctrl-Alt-Delete to change your password is only possible if the p/w has not expired or a p/w change isn't being forced, right? Unlike WinXP, hitting Ctrl-Alt-Delete at the logon screen doesn't pull up a menu on Win 8/8.1 that has the change p/w option. Also, even if I enable the option to force the user to hit Ctrl-Alt-Delete to login on Win8, it simply goes to the logon screen which comes up by default.
Anyhow, I'm glad to see that there's a lot of activity in this thread and that this issue doesn't just affect purely Windows 2003 domains like we're running. Luckily for us, we don't have immediate plans to deploy Win8 so only have to deal with a small handful of users calling in with this
Uninstalling KB2883201 is working for me too.I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
Uninstalling KB2883201 is working for me too.
Yes but I believe this only works for Win8 where KB2883201 may be baked into the Win 8.1 core as someone else mentioned. For Win 8.1, I tried removing what I thought was the 8.1 counterpart of that October 2013 update rollup but didn't help.
I tend to agree that this seems like a bug, which applies only to Windows 8 /8.1 clients, more than like a feature which MS have implemented on purpose. We as well have noticed this behavior, and can't believe that so few others have posted something about this on the net.
In our organization we are using Windows 2008 domain and forest levels, so maybe that's a problem - the client is unable to order a password change to the domain controller due to issue with how communication is done, or due to improper credential caching?
We have found that the Windows 8 update causing this is the following update -> http://support.microsoft.com/kb/2883201 (and more specifically, check out this description - kb2845626).
After uninstalling the above update, the issue is gone and you can change expired domain passwords through the client (for Windows 8.1 I haven't located the exact update causing this (it may be directly integrated into the core installation)).
We are having the same issue here:
Server 2012 R2 Domain Functional Level
Affecting both Windows 8 and 8.1 clients
Hi,
I have the same issue with a 2003 Server (not SBS). I uninstalled the kb2883201 and the problem is fixed with Win 8 (I don't have Win 8.1 computers)
Chag
Hello everyone, especially MS :-/
I Have same problem after upgrade Windows 8 to Windows 8.1. But now I can't uninstall KB2845626 in Windows 8.1 :-(, what can I do?
Sorry for the delayed response. Clint, you are correct: Users can change their password using Ctrl-Alt-Del providing their passwords have not expired. I still haven't found any resolution to this issue, it would be nice to have an answer from Microsoft soon because this issue occurs for users once every 42 days... An obvious resolution would be to change the group policy for passwords to never expire but that would definitely be against best practices, which would mean using windows 8 is less secure than previous operating systems, consequently this must be a bug of some sort rather than a Microsoft 'by Desiginism'
Some patch was released yesterday: http://support.microsoft.com/kb/2910686/en-us
Regardless of 8.1 mentioned in title, maybe it works for Windows 8 too.
Nice find Kirill! This seems promising.
According to Mircosoft, the hotfix should be applied on the 2008 R2 domain controllers on the domain (it's a server not a client patch), so I guess once applied on the domain controllers, password change should work for both Windows 8 and Windows 8.1 clients - but that's just a guess, haven't tested it yet.
I'll write back once I have the chance to test it.
Confirmed! This hotfix corrected our issue.
http://support.microsoft.com/kb/2910686/en-us
I first ran into this in Dec/Jan 2013/14 and no hotfix was available. Ran into this again recently as passwords are beginning to expire, decided to revisit this thread and found that Kirill posted this link, Thank You!
We have a PDC running 2008R2 and a BDC running 2008, running at 2008 function level. I applied this to my PDC, and I DID HAVE TO REBOOT the PDC for it to fix the issue, contrary to what the hotfix article says.
- Proposed as answer by Kirill Nikolaev Monday, July 07, 2014 8:16 AM
Confirmed! This hotfix corrected our issue.
http://support.microsoft.com/kb/2910686/en-us
I first ran into this in Dec/Jan 2013/14 and no hotfix was available. Ran into this again recently as passwords are beginning to expire, decided to revisit this thread and found that Kirill posted this link, Thank You!
We have a PDC running 2008R2 and a BDC running 2008, running at 2008 function level. I applied this to my PDC, and I DID HAVE TO REBOOT the PDC for it to fix the issue, contrary to what the hotfix article says.
- Proposed as answer by Kirill Nikolaev Monday, July 07, 2014 8:16 AM
Confirmed! This hotfix corrected our issue.
http://support.microsoft.com/kb/2910686/en-us
I first ran into this in Dec/Jan 2013/14 and no hotfix was available. Ran into this again recently as passwords are beginning to expire, decided to revisit this thread and found that Kirill posted this link, Thank You!
We have a PDC running 2008R2 and a BDC running 2008, running at 2008 function level. I applied this to my PDC, and I DID HAVE TO REBOOT the PDC for it to fix the issue, contrary to what the hotfix article says.
- Proposed as answer by Kirill Nikolaev Monday, July 07, 2014 8:16 AM
Any updates for 2003 Domain Controllers?
I am in the same boat.
2003 R2 functional level domain with both Windows 8 and 8.1 clients.
I have pulled KB2883201 on Windows 8 but have no official option for 8.1 at the moment.
- Edited by Cam_NZ Monday, March 10, 2014 3:21 AM Wrong KB listed
Any updates for 2003 Domain Controllers?
I am in the same boat.
2003 R2 functional level domain with both Windows 8 and 8.1 clients.
I have pulled KB2883201 on Windows 8 but have no official option for 8.1 at the moment.
- Edited by Cam_NZ Monday, March 10, 2014 3:21 AM Wrong KB listed
Any updates for 2003 Domain Controllers?
I am in the same boat.
2003 R2 functional level domain with both Windows 8 and 8.1 clients.
I have pulled KB2883201 on Windows 8 but have no official option for 8.1 at the moment.
- Edited by Cam_NZ Monday, March 10, 2014 3:21 AM Wrong KB listed
Any updates for 2003 Domain Controllers?
I am in the same boat.
2003 R2 functional level domain with both Windows 8 and 8.1 clients.
I have pulled KB2883201 on Windows 8 but have no official option for 8.1 at the moment.
FYI: A co-worker just came across the following KB article which looks promising for those of us still in a W2k3 R2 domain.
We are seeing this in our environment as well:
DCs - Server 2012
Domain Functional Level - 2008R2
Clients - Windows 8.1 Pro
I cannot change my 'normal' domain account from my Windows 8.1 machine.
We are seeing this in our environment as well:
DCs - Server 2012
Domain Functional Level - 2008R2
Clients - Windows 8.1 Pro
I cannot change my 'normal' domain account from my Windows 8.1 machine.
We are seeing this in our environment as well:
DCs - Server 2012
Domain Functional Level - 2008R2
Clients - Windows 8.1 Pro
I cannot change my 'normal' domain account from my Windows 8.1 machine.
Perfect one. The KB2927811 for Windows 2003 was released to all my servers within our WSUS on the last march patches release of Microsoft.
The 2910686 seems not being released yet. We should install it by hand.
I opened a ticket on this issue. Here is what we have
DC's - 2008R2 and 2012
Functional Level - 2003
Clients - Win 8.1 Pro
Here is the hotfix I was given. I haven't tested because it was internal only at the time. They also wanted me to enable TESTSIGNING.
KB2910686
Everything was working flawlessly for several months after the patch mentioned in this thread was applied to the Windows 2008R2 domain controllers we had.
Unfortunately the problem has resurfaced for us on Windows 8.1 clients in a mixed Windows 2008R2/Windows 2012 environment.
There's a windows update rollup which was pushed to clients on the last patch Tuesday back in October, which seems to fix a domain machine password-related issue for clients on a mixed Windows 2003/2012 environment - but breaks this. I'm referring to patch http://support.microsoft.com/kb/2984006
Has anybody else also experienced this?
- Edited by AUzunov Thursday, November 06, 2014 1:18 PM
Everything was working flawlessly for several months after the patch mentioned in this thread was applied to the Windows 2008R2 domain controllers we had.
Unfortunately the problem has resurfaced for us on Windows 8.1 clients in a mixed Windows 2008R2/Windows 2012 environment.
There's a windows update rollup which was pushed to clients on the last patch Tuesday back in October, which seems to fix a domain machine password-related issue for clients on a mixed Windows 2003/2012 environment - but breaks this. I'm referring to patch http://support.microsoft.com/kb/2984006
Has anybody else also experienced this?
- Edited by AUzunov Thursday, November 06, 2014 1:18 PM
Everything was working flawlessly for several months after the patch mentioned in this thread was applied to the Windows 2008R2 domain controllers we had.
Unfortunately the problem has resurfaced for us on Windows 8.1 clients in a mixed Windows 2008R2/Windows 2012 environment.
There's a windows update rollup which was pushed to clients on the last patch Tuesday back in October, which seems to fix a domain machine password-related issue for clients on a mixed Windows 2003/2012 environment - but breaks this. I'm referring to patch http://support.microsoft.com/kb/2984006
Has anybody else also experienced this?
- Edited by AUzunov Thursday, November 06, 2014 1:18 PM
Just so you know here is the fix
http://www.microsoft.com/en-us/download/details.aspx?id=42102
Is there any solution for Windows Server 2008 (non-R2) domain controllers?
Hi All,
We are seeing this in our environment as well:
PDC - Server 2012
ADC -server 2008 x 86
Domain Functional Level - 2008
Clients - Windows 8.1 Pro
Unable to change password the error is following
The security database on the server does not have a computer account for this workstation trust relationship
Hi,
DC ruining 2012 but patch is available 2008 how to apply? Windows 2012
any one help to me...