Hello and Good Day Microsoft Community...
I have an annoying issue that I hope someone has seen and resolved. My organization runs fairly large Windows 2008 R2 Remote Desktop Server farms. The RDSH servers are all in a Windows 2008 R2 Active Directory domain. In these RDSH farms, I have a Session Broker server configured, with load balancing enabled. All of that seems to work just fine.

The problem we have is with users who connect to these RDSH farms when their password has expired and they must change it. In a Session Broker load balancing setup, the initial server a user connects to will not always be the server they end up on. The first server that takes the connection is a "redirector", and that redirector first checks the Session Broker server to see if there is a disconnected session. If there isn't, it checks to see which server in the farm has the fewest number of sessions. Once the server is found, the initial redirector server sends the user's session to that RDSH.

Going back to our problem: if a user's password has expired, they log in and connect to the initial redirector server. That server notices that their password has expired, and facilitates the process of having the user change it. No problem there. Once the user changes the password and hits OK, the redirecting server then sends them to another server in the farm that has fewer sessions. It's at this point that the user is prompted with an invalid password prompt, in which they have to enter their newly changed password again, and then they are allowed to log on. This is the problem I am hoping has a fix. When the first server handles the password change, that change should be sent to the new server that gets the redirection. Does anyone know why this happens? It's kind of annoying for your users to change their password, have the system confirm it was changed successfully, only to have the next server tell them their password is wrong.

It's almost like the initial server that takes the password change is not passing that information to the next server in the farm. I wondered if this was something broken in Windows 2008 R2 RDS, so I stood up a Windows 2012 R2 test environment with Windows 2012 R2 RDS servers, and the same thing happens. Any thoughts?