Preboot can't provision a user whose password must change at the next logon

Technical Articles ID: KB91316
Last Modified: 2022-10-10 06:22:57 Etc/GMT

Environment

Management of Native Encryption (MNE) 5.0.0 and later
Data Exchange Layer (DXL) 5.0.0 or later

Problem

First-time Microsoft Active Directory (AD) users are unable to log on to systems protected via Preboot.

The issue applies when the AD account specifies that a user must change their password at the next logon.

Cause

The Preboot must perform a one-time provisioning of users the first time they log on to each system.

The AD account attribute, 'must change their password at the next logon,' prevents the user from successfully logging on to the system.

Solution

Take the following actions:

The user must perform a Windows logon, which is connected to the same domain.
The user must then follow the standard Microsoft password-reset workflow for first-time users.

The user is now able to authenticate using Preboot on the system they used to reset their password.
If OpenDXL is configured, the user can also authenticate via Preboot on the original system where the problem arises.

Related Information

See also a related topic where MNE 5.0 Self-Service Portal can't recover an unprovisioned user. For details, see KB91315 - The Self-Service Portal can't recover an unprovisioned user.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Preboot can't provision a user whose password must change at the next logon

Environment

Problem

Cause

Solution

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Preboot can't provision a user whose password must change at the next logon

Environment

Problem

Cause

Solution

Related Information

Affected Products

Languages:

Choose your region

Title

Title