Don’t let what happened to me happen to you! be sure to disable your Windows 2012 Server password expiration option before you store it in the closet somewhere. So I setup my Windows 2012 Server to function as a home file and media server with RAID redundancy. Before I start, i just want to say that Windows 2012 Server R2 is the most beautiful server operating system i’ve used. It is a very intuitive and stable operating system.
When I first setup my server I forgot to disable the password expiration setting in group policy. I don’t change this setting in the local policy because my server is setup as a domain controller. If yours is not then you can change it in the local policy. I’ve had this setup in my home basement and there was no monitor, mouse etc. If needed to I could always remote in. It ran beautifully for 40 some days and then it asked me to change the password while attempting a remote session. So I changed the password but then it wouldn’t let me connect back again. It would just spit out the message:
An authentication error has occurred.
The local Security Authority cannot be contacted.
This could be due to an expired password.
Please update your password if it has expired.
I believe the reason for this was because I had “network level authentication” enabled. Now i had to go get the computer from the basement, bring it back up and login locally. After logging in, the first thing I did was create a backup admin account in case of any issues like this in the future. I’ve also made this user a part of domain admins, remote desktop admins and schema admins. I left the Network level authentication alone as it adds an additional security level for my server. Remember that if you enable Network Level Authentication, you can only remote desktop into the server from a windows machine, If you are running Window XP, you will need SP3. So I had to say goodbye to my Ubuntu to Windows Server Remote desktop connection through Remmina.
Disable Windows 2012 Server Password Expiry
Since my server is a domain controller I went into group policy editor to make the changes. If your’s isn’t you can change it from Local Policies under Administrative Tools in the Control Panel. If it is a domain controller then you can find the Group Policy editor by doing a search in Windows Server 2012 as shown above. Once opened, expand your domain section. There you will see your “Default Domain Policy”, right click on it and go to edit. This brings us to the next screen.
Here you want to go into policies > Windows Settings > Security Settings > Account Policies. Once you are there you can edit a whole bunch of password security options. This is also where you can set a minimum password age, I set mine to “zero” to disable it. You can also set your password complexity requirements, since this is an overkill for my home server, I’ve set it to “Not Defined”. I’ve also set minimum password length to 2, because I wish to simplify logging into server shares etc.
I hope this was helpful in troubleshooting your Windows Server 2012 password issues, be sure to correct these settings accordingly before you tuck away that server some where it’s not easily accessible. Feel free to comment below with any tips or ideas that you may have.