issue is exactly as described inthis article and also here.
but since it's occuring on Windows 2012, neither hotfixes apply. the issue is present using any rdp client version, even when trying to go from one 2012 system to another, same domain, same network subnet, no firewalls.
I've already set the security layer setting to RDP and it did not help. the only way a user can change their expired password upon login is if I uncheck the NLA option on the server or set their expired passwords through other means.
we're not using TS gateway
does anyone have this issue with 2012 as the 2008 solutions don't apply...
