On Mon, Jan 27, 2025 at 12:08 PM Brad Turnbough < [email protected]> wrote:
> Guac gives us a message about the RDP connection being denied, but doesn’t > provide the reason why. > > > > Upon further investigation, the AD account password was set to ‘change at > next logon’. > > > > Once we disabled that, we were able to login without issue. > > > > Is this a known issue, a bug, or something that I need to report via the > proper means/measures? > > > My recollection of this issue is that it's a known issue with RDP + NLA, in general, and not something specific to Guacamole. I believe it has to do with the way that NLA works - the authentication happens as part of the connection step, prior to the ability to actually interact with the Windows interface. This means if something like a password expiration or forced password change is required for the account it will not be possible to log in with RDP. If your experience differs and you're able to successfully connect with something like Microsoft Remote Desktop client or xfreerdp with an account in the above state, feel free to reply and tell me I'm wrong :-). I'm going off past experience/memory, here. -Nick >
