Active Directory
A set of directory-based technologies included in Windows Server.
6,642 questions
Uninstalling KB5011551 from my DCs resolved the issue. Thanks
Password Change Logon Loop
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 48%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Robert Pearson
31
Reputation points
Hello, I have this issue when users passwords expire or I manual reset them with "User must change password" box checked. Every time they enter a new password it tells them to do it again in an endless loop. Any ideas?
We have two DC's with Server 2019 and one DC with 2012.
We do do AD SYNC to Azure
PCS are mostly Windows 10 with a couple Windows 11
Thanks
{count} votes
-
Carlos Solís Salazar 17,971 Reputation points2022-03-29T13:01:50.937+00:00 are the users trying to reset the password from Azure AD, MS365 or from the PC?
Because, if it is from Domain Join PC, your Azure AD connect should not be the issue.
----------
NOTE: To answer you as quickly as possible, please mention me in your reply.
-
Robert Pearson 31 Reputation points
2022-03-29T13:03:24.49+00:00 They are resetting from their local PC.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 49%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Alex Cella 26 Reputation points2022-03-29T19:36:26.707+00:00 I had the same issue on 3 AD Windows 2019 1809 Datacenter, WinVer 17763.2746.
Solved after removing KB KB5011551all users stucked in an endless loop to change password after reset
-
Alex Cella 26 Reputation points
2022-03-29T19:42:51.817+00:00 The loop occurs If you set "user must change password at next logon " Not check is a workarround or unclock accout (to use older password) whitout to change it
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CRoth2 36 Reputation points2022-03-30T16:38:11.747+00:00 My colleague has confirmed the same issue. We didn't uninstall yet, but we've confirmed the behavior with the expired accounts or must change password on next logon accounts. @JamesTran-MSFT Has this been escalated as a bug or issue to be resolved in a future release? I'd prefer not to uninstall if we can get by a short-while until a patch/fix is available.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 31%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Edwin Davila 1 Reputation point2022-03-30T17:47:14.18+00:00 I had the same issue on 2 AD Windows 2019. My problem is that I had to do a recent "Windows Updates" old files clean up from the system and now cannot remove the update in question. Is there a workaround to remove this update?
Thank you!!!
Edwin -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 57.00000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
ramblingon 1 Reputation point2022-04-04T14:13:54.37+00:00 One of my clients ran into the loop. Troubleshooting variables: All account options were unchecked, user successfully changed pw, reboot pc 10xs.
The temp fix: Enabled user cannot change pw & pw never expires. Hope this helps.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 35%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Stefan 1 Reputation point2022-04-05T08:38:59.553+00:00 We have the same issue. But we are not connected to Azure and only use DC's with Server 2019.
-
ramblingon 1 Reputation point
2022-04-05T14:53:47.477+00:00 Uninstalling KB5011551 worked for me too.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 1%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Joe Network 6 Reputation points2022-04-05T22:44:18.72+00:00 We have also experience the same thing with our Server 2019 Active Directory Domain Controllers after the KB5011551.
We are currently getting by by changing our users passwords, then instructing them to use ctrl-alt-delete once they are logged in to change their password.
Not an ideal solution, and I may wind up removing KB5011551, like everyone else. It's a pain because we have 6 domain controllers, and it seems like a lot of unnecessary work when windows should come up with a patch for this.
-
CRoth2 36 Reputation points
2022-04-06T21:49:32.193+00:00 I agree, this should be fixed and we are just getting by until a new update is out instead of messing with uninstalling and those troubles.
-
CRoth2 36 Reputation points
2022-04-11T21:29:49.61+00:00 Has anyone word on whether this will be resolved with the 2022-04 Cumulative "Actual" non-preview update?
Sign in to comment
6 answers
Sort by: Most helpful
-
Robert Pearson 31 Reputation points
2022-03-29T13:37:07.96+00:00 -
JamesTran-MSFT 36,636 Reputation points Microsoft Employee2022-03-29T20:44:29.62+00:00 @Robert Pearson
Thank you for following up on this and I'm glad that you were able to resolve your issue!
Sign in to comment -
-
CRoth2 36 Reputation points
2022-04-14T16:46:13.287+00:00 April update KB5012647 build 17763.2803 says, "Improvements: Addresses an issue that prevents you from changing a password that has expired when you sign in to a Windows device." I have installed the update on my DCs and restarted and confirm that I am now able to reset a user's password when "User must change password at next login" is checked. I did not test an expired user since I didn't have one, but that should be resolved also.
-
CRoth2 36 Reputation points
2022-04-20T14:17:02.243+00:00 With this new layout there is no propose as answer for the thread, but I believe this should be the ultimate answer now that the issue has been resolved in a production patch release.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 45%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marcus Polz 1 Reputation point2022-04-01T16:18:38.403+00:00 I experienced the password loop with users after a March 22nd update. We are on 2 AD Windows 2019 1809 Standard WinVer 17763.2746. We do AD SYNC to Azure as well. We see the issue occur upon expiration of a user password or when ticking the box to have user change password at next logon. No unusual event logs were observed. You can test by expiring a user account, the next login attempting to change password loops. The uninstall of Microsoft update KB5011551 takes a scary long time to remove, it completed in about twenty minutes. It does require a reboot of the server which also takes about thirty-forty minutes, I'd suggest staggering reboots of the DCs :).
Verified, removal of KB5011551 resolved my password issues.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 90%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
sławomir wowry 1 Reputation point2022-04-02T09:31:44.863+00:00 The question is when Microsoft will release a patch
We have several DC controllers in the organization
and uninstalling KB5011551 will take a long time-
sławomir wowry 1 Reputation point
2022-04-14T19:38:34.753+00:00 thank you all
Just yesterday I read about this new KB5012647 update and the many fixes it brings
Today I installed on my 4 DCs
next week I will test while users are working -
CRoth2 36 Reputation points
2022-04-14T19:58:30.79+00:00 @sławomir wowry it took me 5 minutes to find your comment after I had received it in my email because it wasn't at the bottom of the page where new entries typically show up in a forum. Comments vs. answers in this forum are every confusing...Was it so hard to just have all the responses be displayed inline and then have the original poster or moderator mark a response as the "Answer"? Why the Answers versus Comments...weird. I guess I am just too old... BRING BACK TECHNET!
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 23%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Pflipper 96 Reputation points2022-04-04T23:46:05.983+00:00 I have the same endless loop issue with an expired password on a domain Admin account for an Azure vm. Microsoft needs to fix this ASAP. Have this KB5011551 installed on 3/26, I come back from time off and now I am hosed.
BTW, I tried to uninstall the hotfix through Powershell in the Azure portal. This does not work - why ? --> C:\Windows\System32\wusa.exe /uninstall /kb:5011551 /quiet /norestart
-
Pflipper 96 Reputation points
2022-04-05T23:29:03.093+00:00 Had to work with Azure support to navigate the arduous process of recovering the OS/disk to a new VM, applying the OS to Hyper-V, uninstalling KB5011551, doing the password update, then unravelling everything by applying the recovered OS/disk to the current VM. All in all, this "event" took a full day+ of my time. Just because Microsoft broke something again.
Henceforth, added a new local Admin to the OS (will overlap password changes with the original Admin every 20 days) and went into GPO and set the user to have password not expire. Can never have to many fail-safes with MS.
Sign in to comment -