If you get the following error message the first time that you access Windows after installation,
then your client has been negotiating with the server for network level authentication.
However, network level authentication is executed before a remote desktop session has even been created.
That means that you cannot perform the forced password change during the first login.
Temporarily disabling network level authentication
To make the password change take place despite this, you must first temporarily disable network level authentication.
To do this, first, create a RDP file:
The save the file as Newconnection.rdp
Now, open the file with notepad and add the following line at the bottom:
Save it. Now click on it to open and login.