Troubleshooting: Login Failed Because of Expired AD Password
Issue
When you try to log in to an RDP session, you get the error message "Login Failed!" because your Active Directory password has expired.
You are unable to change your password because the local logon does not provide an option for that.
Before following these instructions, check the ports:
Login to Client -> Port 88
Change password -> Port 464
For an overview of the ports of the Domain Controller, see: Required Ports to Communicate with Domain Controller
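The port check above can be scripted from a Linux shell on the same network as the device. This is an added example, not part of the original article; it tests TCP connectivity only, and the host name dc01.example.test, the function names and the PROBE override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that a domain controller answers on the two ports
# named in this article (88 for login, 464 for changing the password).
# Assumption: TCP connect test only; UDP reachability is not covered.

# Attempt a TCP connection with a 3 second limit. bash is called
# explicitly because /dev/tcp is a bash feature, not POSIX sh.
tcp_probe() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Map a port to the function the article assigns to it.
port_purpose() {
    case "$1" in
        88)  echo "login" ;;
        464) echo "change password" ;;
        *)   echo "unknown" ;;
    esac
}

# check_dc_ports HOST
# Prints one line per port and returns a bitmask:
#   0 = both reachable, 1 = port 88 blocked,
#   2 = port 464 blocked, 3 = both blocked.
# PROBE (hypothetical hook) lets a different probe function be used.
check_dc_ports() {
    dc_host=$1
    probe=${PROBE:-tcp_probe}
    blocked=0
    for port in 88 464; do
        if "$probe" "$dc_host" "$port"; then
            state=OK
        else
            state=BLOCKED
            if [ "$port" = 88 ]; then blocked=$((blocked + 1)); fi
            if [ "$port" = 464 ]; then blocked=$((blocked + 2)); fi
        fi
        printf '%-7s %s:%s  %s\n' "$state" "$dc_host" "$port" "$(port_purpose "$port")"
    done
    return "$blocked"
}

# Stand-alone use: ./check_dc_ports.sh dc01.example.test  (placeholder name)
if [ $# -gt 0 ]; then
    check_dc_ports "$1"
fi
```

A return value of 2 matches the symptom in this article: login traffic on port 88 gets through, but the password change on port 464 does not.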
Solution
Enable Active Directory/Kerberos authentication for the RDP session. The next time you try to log in to IGEL OS, you will be prompted to change your expired password.
Changing an Expired Active Directory Password
When using sessions with passthrough authentication, it is essential that you lock your device's screen when leaving it unattended.
Enabling Active Directory/Kerberos Authentication for RDP Sessions
In IGEL setup, go to Security > Logon > Active Directory/Kerberos.
Enable Login to Active Directory Domain.
Go to Security > Active Directory/Kerberos.
Activate enable.
Fill in the Default Domain (Fully Qualified Domain Name).
Go to Sessions > RDP > RDP sessions > [RDP session] > Logon.
Enable Use passthrough authentication for this session.
Click Apply or Ok.
Please note that the client must now be locked locally, and no longer inside the session, to prevent another person from entering the session via passthrough authentication without specifying the password.
Enabling Screen Lock
In the IGEL setup, go to User Interface > Screenlock / Screensaver.
Enable Use Hotkey.
Under Modifiers, select Win.
Under Hotkey, enter "L".
Go to User Interface > Screenlock / Screensaver > Options.
Enable User Password.
With this configuration, the "Win + L" hotkey locks the IGEL client instead of the session desktop.
The AD password must then be entered to unlock the IGEL client.