An Unexpected Consequence of Super-Stability

This would never have happened with Windows XP.

As I always do after a long day of driving I woke up this morning and reached for my phone.  I had driven 1,092kms the previous day, which meant that I spent my attention on the road and not on my phone – doubly so because it was a Sunday, and in my current role nothing earth-shattering ever happens on Sunday.  I did, however, check my email during the occasional stop… and it worked.

This morning it did not.

My email password for my @microsoft.com email account was not working, but I wasn’t worried… I was sure that I would log on and find out that there had been some glitch in the system between 7:48am and 7:51am, and that all was well.

…and then it occurred to me that it has been roughly a year to the day since I got my account, and it was possible that it had expired – or worse, not been renewed.

I checked Lync.  Lync works on an entirely different system than email, and it should work.

We can’t sign you in. Please check your account info and try again.”

Crap… this is serious… I may, as of this morning, no longer be an @microsoft.com!  That would be terrible for many reasons, not the least of which was that someone decided to shut me off without a conversation 😦

When you log on to Windows 8 (or any version for that matter) Windows (Kerberos actually, but that’s another story) checks your credentials against an Active Directory Domain Controller.  It happens every time.  It doesn’t only check to see that your password is valid, it checks that your account is valid, and if your password is expired (or set to expire).  It gives you plenty of notice too… it will start warning you two weeks or so before the expiry date so that you don’t miss it.

Unfortunately it does not work the same way when waking your system from sleep or unlocking your previously authenticated account.  All it does is confirm that your account was valid when you last logged on, and that your password is correct.  Kerberos does not go out to Active Directory for this, it just checks the locally cached credentials.

So what happens in a world where Windows is so solid that you almost never have to log off?  In the last three weeks I have worked from the office in Mississauga, the office in Montreal, the office in Ottawa, several locations in Portland (Maine), and of course a weekend in Redmond and a day on campus… from hotel rooms, Internet cafes, and for 20 stressful minutes last week from the passenger seat of my wife’s minivan as we drove from Toronto to Montreal.  At the end of my session I simply closed the lid to my laptop and put it away,  or simply locked the screen.

In three weeks I have not had to log off my computer because Windows is so much more stable than it ever was.

The unfortunate and unexpected consequence to this, unfortunately, is that this morning rather than working from home as I had planned I had to come into the office because once that password expires you have to be physically connected to the internal network to change it… DirectAccess (one of the greatest tools ever invented for the purpose of working remotely) doesn’t cut it… because your credentials to connect are currently invalid!

So yes, my password expired.  No, my account has not been disabled, and yes, you are going to have to put up with me for a while longer.  However I hope you learn from my experience… if it’s been a while since you were prompted to change your password don’t wait… do it proactively so that you can work in your pajamas and avoid the Monday morning rush hour!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s