Académique Documents
Professionnel Documents
Culture Documents
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
Server & Tools Blogs > Server & Management Blogs > Ask Premier Field Engineering PFE
Platforms
Sign in
Hi, Linda Taylor here, Senior Escalation Engineer from the Directory Services team in the UK.
I have been working on this issue which seems to be affecting many of you globally on windows 8.1, 2012 R2 and
windows 10, so I thought it would be a good idea to explain the issue and workarounds while we continue to
work on a proper fix here.
The symptoms are such that after a password change, logon hangs forever on the welcome screen:
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
1/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
How annoying.
The underlying issue is a deadlock between several components including DPAPI and the redirector.
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
2/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
And the XML file is stored on a DFS based path. For example \\contoso.com\netlogon
OR
3. If you use GPP to map drives during logon to a DFS path like \\contoso.com\someShare
This issue happens due to a deadlock between DPAPI, Credential manager and the Redirector RDR.
The problem occurs on client computers with Windows 8.1, Windows 10 and also Windows Server 2012 R2 for
example RDS scenario.
The problem occurs most frequently after an admin password reset which has occurred elsewhere not the on the
client computer to which the logon is happening but it can also occur when the password change is not recent if
the user is logging onto a machine where the cached credentials are old and they have changed their password
on some other machine some time ago.
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
3/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
Some history:
This issue also has a long history and there are other variants of this deadlock which were fixed
before. See below list of related fixes:
X64leversionsfordpapisrv.dllandlsasrv.dll
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
4/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
h ps://support.microso .com/enus/kb/3101183Youcantlog
DPAPISRV.dll6.3.9600.18088.
ontoadomainjoinedcomputerinWindows8.1orWindows
Server2012R2
LSASRV.dllversion6.3.9600.18088.
ReleasedinOctober2015.
Note:thisisthelatestbutdoesnotresolvethisvariantofthe
issue.
3038562CannotaccessDPAPIdataa eranadministrator
Dpapisrv.dll
6.3.9600.17707
Lsasrv.dll
6.3.9600.17415
resetsyourpasswordonaWindowsServer2012R2based
domaincontroller
h p://support.microso .com/kb/3038562/ENUS
UpdatesLSASRV.dll6.3.9600.17042
2919355WindowsRT8.1,Windows8.1,andWindows
Server2012R2Update:April2014
h p://support.microso .com/kb/2919355/ENUS
Thiscontainswin8.1versionofKB2927267
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
5/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
h ps://support.microso .com/enus/kb/2927
267YoucannotlogontoWindowsa ertheadminchanges
yourpassword
There are some related past fixes for similar deadlocks in windows 8 also:
Windows 8 KB#
3084956
You cant log on to a domainjoined
computer in Windows 8 or Windows Server 2012
http://support.microsoft.com/kb/3084956/ENUS
Released September.
NOTE: This is the windows 8 equivalent of KB3101183.
KB3049843 https://support.microsoft.com/en
us/kb/3049843 You cannot access DPAPI data after an
Dpapisrv.dll
6.2.9200.21442
Lsasrv.dll 6.2.9200.20931
us/kb/2927267
Finally, Microsoft is actively working on fixes for Windows 8.1 / WS 2012 R2 and Windows 10 TH2 for the
current issue described above. I will share the release dates and article #s once known. If you experience
this issue please ensure you have all of the above fixes in place and use the workarounds noted above and
keep an eye out on updates to this blog.
Linda Taylor.
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
6/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
Tags
Mark
Archives
May 2016 4
April 2016 4
March 2016 5
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
7/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
February 2016 5
January 2016 4
All of 2016 22
All of 2015 63
All of 2014 66
All of 2013 90
All of 2012 64
All of 2011 4
Tags
Active Directory
Windows 8.1
Group Policy
Net Logon
Networking
Windows
Windows 10
Add Comment
5 months ago
I really like the issue explanation and why its happening. Good read
Anthony
5 months ago
I picked a good day to a mandatory password reset. Nothing but trouble today. I also
noticed that deleting the user profile at least locally, we do not use roaming profiles solves the problem.
Marc K
4 months ago
Anthony
4 months ago
When I called MS support on this the time frame they have in mind for a resolution is by
March.
Ravi Chinnasamy
4 months ago
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
8/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
Flemming Hjorth
4 months ago
I found that clearing the Credentials folder in local appdataMicrosoft also solves the
problem. Seems users are still able to log on with cached credentials even after clearing that.
Darren Hunter
4 months ago
Deleting the profile folder and temporarily disabling password cycling although not
ideal is the most effective solution as eventually users can logon to any machine so long as the password is not
amended. The quickest solution is to set the password
must be changed at next logon flag for the user account. This will enable logon to the current workstation but
will prevent logon from any other PC with an existing profile. This is a serious issue and we are inundated
helpdesk requests. Microsoft need to
resolve this NOW!
BrandonWilson
4 months ago
Aaron
4 months ago
Great read hoping for a hotfix or update to resolve this soon as it is frustrating!
4 months ago
Darren I like your suggestion/solution as well thank you! The fix for this issue is
coming very very soon. We will be updating this blog with a link on the day.
4 months ago
Jakob
4 months ago
Thanks for the explanation. I hope theres a fix for this soon, it is a showstopper our
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
9/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
deployment of Windows 10. We were a few days away from starting full scale
Brian
4 months ago
This has been happening to my company for about 2 months. Windows 8.1 clients with
Server 2012 nonR2 domain controllers. Everyone is assigned a machine. They change the password and it
hangs with "changing password". They hard boot and login and then
it hangs at "welcome". Sometimes they change the password, and then some time the next day they try to login
and it hangs at "welcome". They can logon to other computers. Other users can logon to their account.
Workarounds: Easiest is to hardboot then pull the network cable or place it in Airplane mode. Logon is successful.
Enable the network again and subsequent logons are good. You can also recreate the user profile and they will be
able to logon at first attempt.
Brian_DFW
4 months ago
Brian_DFW
4 months ago
Ill add that the password change is due to them being forced by the User Account
setting, "must change password at next logon." This is either because its a new user account, or their password
has expired. If I perform a CTRL+ALT_DEL > Change Password,
the problem is not experienced. Nor if I manually change their password and dont force a change at next logon.
So, my experience is kinda similar and kinda opposite of whats being reported above.
4 months ago
10/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
Odio este error porque te deja practicamente indefenso ante alguien que te pueda ver
de reojo escribir la contrasea, espero Microsoft lo solucione pronto el error
Nancy
4 months ago
Our school district has been plagued with this issue for too long. Our sub teacher
password changes daily and several subs use it everyday on several computers. We have to delete the profile daily
on many computers and some are not very speedy. Thats
daily, we still have to deal with users who have to change their passwords on a regular cycle. Please get it fixed.
Anthony Meluso
4 months ago
I also work in education, where almost all our students and teachers move from
computer to computer. Resetting or changing passwords is an instant kill for us. Its also holding us back from
certain migrations and deployments.
Jinish KG
3 months ago
Nicolas
3 months ago
3 months ago
hi Nicolas, it sounds like you experience a different issue after applying the patch. Do
the workarounds in this blog allow the logon to complete? i recommend trying the workarounds as a first
step to troubleshooting. please also state tell us the Os which you are using.
Thanks,
Linda
Daniel Slazinik
3 months ago
Does anyone have an update on this issue? We are experiencing this problem after
installing the cumulative update. I believe it is hanging due to our home drive mapping at login which is
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
11/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
conflicting with the authentication of the password change. We are unable to change home drive mapping, and
are also unable to turn off credential caching. I have scoured the internet but am not finding any update on this.
3 months ago
hi Daniel,
If the fix described here does not work for you then you have a different underlying issue/cause.
please tell us the OS involved and please check if the workarounds in this blog allow the login to proceed?
that would be one way of telling if you have *this* issue I would create a test user and reproduce the issue
and use that for your tests. ensure you have the relevant fix installed. Unfortunately the welcome screen is a
common one to see on logon hangs but the underlying activity can be completely different to this issue. Lots
of things happen during the time this screen is displayed to the user. Therefore the only way to be 100% sure
of what is causing your hang if the fix described here does not work is to review a complete memory dump
of the hung machine.
Hope this helps,
Linda.
Rob M
1 month ago
I was having really slow login with Windows 7 & they were still slow after I upgraded to
Windows 10 machines that had roaming profiles networked to a server with Windows Server 2012 full version. I
spent hours researching & trying to fix it and no luck. So, I switched my PC to a local profile & of course I didnt
have the issue anymore. I just recently switched it back to a roaming profile b/c I needed to work from a different
PC & for some reason its loading fast and what I would call normal. I dont why it fixed it, but as much as I have
tinkered with machines on in the past sometimes it is the simplest thing that fixes a problem & of course I always
try fixing what should be the root of the problem first & have a 15 round boxing match with the machine if its
really trying to piss me off. I must admit I do end up learning a lot of new stuff when researching & doing trial &
error, so if nothing else I do get some education in the process that usually helps later on.
Terry McManus
1 month ago
We found a work around, but havent found a permanent fix. This article really helped
shine some light on the issue. We suspected it had something to do with credential manager, but had not
idea about DFS mapped drives. We found that we can unplugging the LAN cable and having the user login
with the their old login and clear credentials in credential manager, then attempt to login with the new
credentials. Weve also found after the hang that sometimes the new credentials will login without clearing
the credentials, but the LAN cable has to be disconnected. It seems to always happen after a password has
been changed in AD. It caused us a lot of headaches here at the SCC. I assume it doesnt try to map the drive
once the cable has been disconnected.
12/13
5/27/2016
Doesyourwin8.1/2012R2/win10logonhangafterapasswordchange?|AskPremierFieldEngineering(PFE)Platforms
https://blogs.technet.microsoft.com/askpfeplat/2016/01/11/doesyourwin812012r2win10logonhangafterapasswordchange/
13/13