Windowsserverdocs: Not being able to login with a microsoft based account

Created on 10 May 2018  Â·  33Comments  Â·  Source: MicrosoftDocs/windowsserverdocs

When using Microsoft account on latest Android app it gives error code 0xf07. Password is valid and still being used to login. Never had this issue before and it forces me to use a different app that aswell have issues recognizing an microsoft account. This has been an old bug on iOS but it seems to be returned on Android.


Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

remote-desktop system bug

Most helpful comment

Actually I do know what a DMZ is and I realize you have absolutely no idea what you're doing at all with networking. I happen to be a cyber defense expert and I have 2 degrees in Microsoft and Cisco networking. Do you want me to help or not? Making comments like do you even know what a DMZ does really bothers me when I'm donating my time to help you fix your issue. This post is very old and I'm the only one that's even bothered with you. I know exactly what your issue is now that you told me your network set up. Hopefully somebody else finds this thread and decides to help because I'm done with it.

All 33 comments

You can't connect to an AzureAD account with a mobile device like Android or iPhone unless you disable network level authentication on the host computer. That is in your remote desktop settings. Also just for reference, you also can not connect to a normal non domain joined Windows PC from an AzureAD joined PC regardless of NLA.

I also want to add that you used to have to log into the AzureAD PC by using the user account AuzureAD\firstnamelastname. Now it works by just typing the email address alone.

Well this never was before though. I always enabled RDP and left the settings as it was default when u enable it and never had such an isssue untill recently. Althought i am going to try it out after my work and will reply again with the results. Thanks in advance

The problem I think you're having is the PC is AzureAD joined, there's no local account on the PC per say. I literally just finished up addressing the issue you're having today after spending about 3 or so days on it and this was the solution that I came up with after discussing it with Office 365 support.

I'm not sure if it will work with or without if you initially set up the pc as "you own the PC" instead of "my organization owns the PC" and you join AzureAD after that.

Not sure what u mean by that. But i am not using azureAD or office 365. Its my personal PC at home with a workgroup and not connected to an domain or AD. I only use a microsoft account instead of a local user account. Like i said this never occured on my windows 10 machine since recently.
And i didn't change any settings. But still i will try your suggestion by disabling network level auth and see if it works or not and i will reply here with the results.

Wow, ok I just logged into GitHub and read your question here. On the Microsoft site it had this question linked to office 365 accounts. In your case I would try logging into account.live.com and make sure nothing pops up. I'd also make sure your security options are up to date as well.

Did Agent929's suggestions fix your problem? Thanks!

Nope it did not, this is literally the message i get everytime when i try connect with my android phone. We couldn't connect to the remote PC because the password associated with the user account has expired. Change your password, or ask your admin or tech support for help. Error code : 0xf07
At writing this i am currently logged in with the same account i try to use and using the same password. I can log into outlook.com just fine without errors. This must be a bug inside the app that makes the app think my password is expired and can't be used while it ain't since i am using the password daily to login so.

Did you try changing the password to see if it triggers anything? I don't see others having the issue. Are you behind a double NAT? That would be the only other thing I can think of at the moment although I doubt that's the issue here. Usually that message appears when trying to use NLA and you can't authenticate. Did you try disabling it to see what happens?

-------- Original message --------
From: chuckie1992 notifications@github.com
Date: 7/23/18 5:17 PM (GMT-06:00)
To: MicrosoftDocs/windowsserverdocs <[email protected] comment@noreply.github.com
Subject: Re: [MicrosoftDocs/windowsserverdocs] Not being able to login with a microsoft based account (#784)

Nope it did not, this is literally the message i get everytime when i try connect with my android phone. We couldn't connect to the remote PC because the password associated with the user account has expired. Change your password, or ask your admin or tech support for help. Error code : 0xf07
At writing this i am currently logged in with the same account i try to use and using the same password. I can log into outlook.com just fine without errors. This must be a bug inside the app that makes the app think my password is expired and can't be used while it ain't since i am using the password daily to login so.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/windowsserverdocs/issues/784#issuecomment-407219282, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AnZU0oFoII41v8yvicAaAhSPa1tBLiOpks5uJkuJgaJpZM4T5ZDY.

Thats not the issue because if i use my laptop and connect it to my phone using its inbuilt hotspot feature i can connect throught the same phone ip with just my laptop. My PC its local ip is in DMZ so that is not the issue aswell

Ok so you try to connect to your laptop with your phone, and you are not able to do it unless you are connected on the same network as the laptop, by using the adhoc network on the laptop? I'm just trying to understand how you connect and what works and what doesn't.

-------- Original message --------
From: chuckie1992 notifications@github.com
Date: 7/23/18 5:38 PM (GMT-06:00)
To: MicrosoftDocs/windowsserverdocs windowsserverdocs@noreply.github.comComment comment@noreply.github.com
Subject: Re: [MicrosoftDocs/windowsserverdocs] Not being able to login with a microsoft based account (#784)

Thats not the issue because if i use my laptop and connect it to my phone using its inbuilt hotspot feature i can connect throught the same phone ip with just my laptop. My PC its local ip is in DMZ so that is not the issue aswell

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/windowsserverdocs/issues/784#issuecomment-407223287, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AnZU0ps1uGJPSwATUDEfTbgT_pHgsuCXks5uJlBVgaJpZM4T5ZDY.

No i try to connect to my main PC that is setted as DMZ by my main router so i can reach it without issues from WAN. My phone is not connected at my home wifi or what so ever. So it uses its own WAN ip address. When i try to connect then i can't even with phone on the wifi and using the local ip of my PC. It gives me the same error. But when i use the native Remote Desktop program on my laptop that is temporary connected to my phones own network i can connect to my PC using its WAN ip address. Laptop works aswell locally on the same network as my PC still using the same password with all ways i tried. Laptop works fine but as soon as i use the my phone i get this error that the password is expired.

Is there a reason you have your PC set as a DMZ other than RDP? If not I'd highly recommend you take it off the DMZ and port forward 3389 (or if you're using a custom port use that) and set a static IP on the PC. From there you can use a DDNS or the public IP address (not the static IP address you just set) from anything running RDP whether you are on the local network or on a different network. I think your DMZ configuration might be causing your issue.

-------- Original message --------
From: chuckie1992 notifications@github.com
Date: 7/23/18 5:56 PM (GMT-06:00)
To: MicrosoftDocs/windowsserverdocs windowsserverdocs@noreply.github.com
Comment comment@noreply.github.com
Subject: Re: [MicrosoftDocs/windowsserverdocs] Not being able to login with a microsoft based account (#784)

No i try to connect to my main PC that is setted as DMZ by my main router so i can reach it without issues from WAN. My phone is not connected at my home wifi or what so ever. So it uses its own WAN ip address. When i try to connect then i can't even with phone on the wifi and using the local ip of my PC. It gives me the same error. But when i use the native Remote Desktop program on my laptop that is temporary connected to my phones own network i can connect to my PC using its WAN ip address. Laptop works aswell locally on the same network as my PC still using the same password with all ways i tried. Laptop works fine but as soon as i use the my phone i get this error that the password is expired.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/windowsserverdocs/issues/784#issuecomment-407226628, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AnZU0vqnO19pV4QpPUnqcB4B5gF_mUM4ks5uJlSRgaJpZM4T5ZDY.

Its because my ISP their modem for some reason doesn't open ports so i setup in that modem that my own router is the DMZ and in my router my PC the DMZ so i can reach it from the outside. Do u even know what DMZ does. That has literally nothing to do with my issue. If my DMZ was the issue i would not have been able to reach my PC at all. and that is not the case. Every port i open in Windows firewall works just fine and is reachable from WAN ip's

Actually I do know what a DMZ is and I realize you have absolutely no idea what you're doing at all with networking. I happen to be a cyber defense expert and I have 2 degrees in Microsoft and Cisco networking. Do you want me to help or not? Making comments like do you even know what a DMZ does really bothers me when I'm donating my time to help you fix your issue. This post is very old and I'm the only one that's even bothered with you. I know exactly what your issue is now that you told me your network set up. Hopefully somebody else finds this thread and decides to help because I'm done with it.

Well u started to assume its my DMZ setting which it is not. And i tried to explain what the reason i use this setup. I obviously know the risks it brings and thats why i use a firewall so i am atleast for most part still secure. That u can't stand my answer doesn't make me being wrong. I already explained i could reach my PC throught RDP with any other device besides my android device. That already shows its not my configuration.

To summary for new people seeing this thread. I have a PC in DMZ so i can reach it from the outside since my ISP their modem is shit in routing packets and opening ports. Sometimes i need to use RDP to get to my PC for some stuff. I don't need people to lecture me about DMZ, i know what it does and i know what risks it will bring. I use it this way for years and so far i've been only hacked once but that wasn't because i use DMZ.
On every device that supports remote desktop to be used as a client works connecting to my PC regardless of network settings.
The only device that appears to have issues connecting to a RDP(with microsoft account instead of local) is my android phone.
The error it gives is that apparently the app thinks the password is expired which it isn't and is still being used on a daily base. Its on the official Microsoft RDP app for android.
This particular bug happened aswell on the iOS a certain time ago and it got fixed. I did research before posting this and found that out.

It worked for me why do I need NLA it says recommended in the settings

NLA has been around since Vista and it's what they call front end authentication. It's good to have but the mobile apps specifically are not compatible when using domain authentication on the host. When you try to use it on the mobile app it gives that exact message every time you connect unless you disable it. I was pretty sure that was the OPs issue but he claims it didn't work. I can't make sense of the grammer issues in his replys when trying to piece it all together to help solve his issue. Glad to see the initial solution helped somebody.

Thats true but it was even disabled and with both enabling and disabling this feature i get the same result.

And my grammar might not be perfect. but you get annoyed pretty fast when someone tries to explain you the issue and you just come up oh it might be your DMZ setting while reaching my PC isn't even the issue. Its just the app tells me the password is expired while the password is still being accepted by Outlook.com and my PC itself without a warning that my password is expired or whatever. I've said like 4 times already: This is a bug that happened on the iOS app version aswell. go google it

Chuck, your network is jacked up significantly. Especially if what you said about your ISP router is true. Is it even in bridge mode? Yes I'm very annoyed because I charge people to fix issues and here I am doing it for free. When somebody who's a lot more skilled than you suggest edits to your config, don't just say "nope that's not the problem". A real DMZ has port forwarding options and much more configuration. I'm assuming you have a $20 Walmart router that just opens all the ports. That doesn't mean anything if your behind a double NAT. And running Windows firewall or any firewall for that matter on a DMZd Windows machine really doesn't help that much. There are tons of exploits for windows. There's not near as many for the routers (and no I did not say there's not a lot of exploits on routers, but I did say you can multiply that by 1000 when it comes to Windows).

The bottom line is that you have more than just that for issues and I can't help you if you're going to just tell me what I suggest is not the issue. Wouldn't it have been nice to resolve them all? I could have also probably worked out the issue with your ISP router as well.

The issue your talking about was fixed a long time ago chuckie

@agent929 to summary: 1st answer: No its not. my network is fine, my isp disabled the bridge mode feature and thats why im stuck with DMZ. I gave my own router which is no walmart 10 buck thingy but an TP link Archer c7 an static ip and disabled my isp modem its DHCP and NAT. 2nd u underestimate the knowledge that i carry. Yes my solution with DMZ aint the best but thats the only option i can use in my scenario since i got this highly disabled ISP modem that doesn't allow me to do anything. 3rd my router has aswell an firewall that is enabled and being used to open or block certain ports besides my own windows firewall. And ofcourse every OS has exploits and i am not afraid of that. The times that i either have been hacked or my pc was fcked due to a virus/exploit is very slim.
I don't even own any license for 3rd party Antivirus tools since im that confident in that i know what i click on and open.
And 4th i might found the culprit and that was the issue of microsoft for some reason fcking up my account. And 5th i really appreciate your help don't get me wrong. But don't shove stuff into me that has nothing to do with this issue.
And just to proof you are horribly wrong. I just fixed my issue by simply changing my password which for some reason works for everything but Remote desktop.
It makes no sense to me. I was able to login into Outlook, send emails or whatsoever. Recently bought a new phone and setup my email there aswell and it worked my password never got rejected. Only when i wanted to use my RDP.
So it was after all some bug in the backend of my outlook account.

@joaallen4 ye for iOS it was, and since i had the similar issue i thought it came back on android because this issue started on a similar date that the microsoft RDP android app had been updated. Thats why i assumed it was the same bug. But now it was just some issue in the backend of my outlook account, which was weird because technically if my password was expired i shouldn't be able to use it to login on Outlook to check my email. @agent929 and again i really appreciated your effort in fixing this issue together. But i already knew my network was completely fine. Since i use this DMZ feature for years now due to Dutch ISP's behaviour of limiting their customers power inside their modems. my previous modem i didn't use DMZ because in that modem i had bridge mode feature which is great. But for some reason in this new modem when i switched over to the business pack of my ISP for some reason has that feature disabled and port forwarding just not working correctly.
And they are not willing to change the firmware so that i could use bridge mode. They don't like that their customer gets the ability to change the ip on the fly with bridge mode by just changing the router's mac address.

I'm pretty sure one of my first post was about logging into your Microsoft account and making sure your security options were up to date. That long post just more or less proved my point that you read like you type. After seeing that didn't work out for you (or at least you said it didn't)what the heck else could it be? It would have to be a network issue.

And that is what i did, and i didnt thought of changing my password since i could login just fine into my microsoft account. Thats why i assumed it was something else. Bit weird if its the password but i can still use it for 90% of the case. And i really checked the security options and nothing really that took my attention that could be causing the issue. U should stop prejudging someone by how they type. That is not really appropiate to do so. English is not my native tongue so ofcourse expect grammar errors in it. You can't judge about a person by just the way he types. And i read all your posts carefully. Yes some things i did ignore for example the Azure post. I never used Azure so i already knew it has nothing to do with that.

Like u said: Wow, ok I just logged into GitHub and read your question here. On the Microsoft site it had this question linked to office 365 accounts. In your case I would try logging into account.live.com and make sure nothing pops up. I'd also make sure your security options are up to date as well.

I literally logged into that and nothing popped up so you can't blame me on that one. I literally did what u asked me to and yes i only didn't reply because i have other stuff to do aswell and this slipped my mind to tell you that it didn't work.

I'm glad that you've been able to solve your problem. Sounds like we could add a few troubleshooting tips to this article, including to reset your password if you can't connect and get a message that your PW is incorrect.

Because the problem's resolved, I'm going to close this now. Please let me know if there's anything I can help with.

And many thanks to the various folks who provided suggestions.

I just started having this identical problem a microsoft (outlook.com) account, the same credentials which I use to login to my computer locally. Local login with a keyboard works totally fine, but using the android remote desktop app I now get this message:
image

I also get the message that the "password has expired" when connecting via a windows RDP prompt.

I believe what's happening is somehow a company group policy may be enforcing the password expiration for this account when logging in from remote connections only. When I changed my outlook.com password, I was able to login remotely again. Very Unintuitive.

Hmm going to check the policies when i am back home since it happen few weeks ago for me again aswell.

any updates?

any updates?

Yes, this comes up regularly for me every 90 days or so as my company password policy dictates. I will get this error when the password has "expired" (even though it only expires for remote inbound connections, and not the outlook.com account itself, or logging in locally). To fix it I have to change the microsoft password, and then also login locally with the new password, for it to apply.

I also had the same problem. I clicked on login with local account instead and then provided the password for my Microsoft account after that I didn't fill the form and closed it. Then after that When I tried to login using RDC it worked perfectly. I would suggest using this method. pardon my English.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

aurelien-git picture aurelien-git  Â·  3Comments

janis-veinbergs picture janis-veinbergs  Â·  5Comments

jdrch picture jdrch  Â·  3Comments

yoshihirok picture yoshihirok  Â·  4Comments

tgmoorhead picture tgmoorhead  Â·  4Comments