Error changing AD Password

Error changing AD Password

The user is trying to change their password via the portal and is getting an error that the Directory Services was unable to change the password.

The following error shows on the loader console :

DEBUG [com.stoneware.service.public.Core.changePassword]: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org: userAccountControl = 200
DEBUG [com.stoneware.service.public.Core.changePassword]: The minimum password age is: 0
ERROR [com.stoneware.service.public.Core.changePassword]: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org: user flagged ’User cannot change password’
ERROR [com.stoneware.service.public.Core.changePassword]: Unable to change password: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1:
0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
]; remaining name ’CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org’ 


This means that you did not conform to password requirements. Active Directory password policy is enforcing password history, minimum password length, minimum password age or password complexity, then this will raise the LDAP Error Code 19 (invalid attribute exception), with an Active Directory problem code of 1005.


Another error code that means the same thing is :

javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000056: AtrErr: DSID-03190F00, #1:
0: 00000056: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)


Some other common LDAP errors dealing with password change problems.

Wrong Old Password while trying changePassword:
-----------------------------------------------
** While connecting with Admin Principal:
[LDAP: error code 19 - 00000056: AtrErr: DSID-03190F80, #1:
0: 00000056: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

** While connecting with the User's credentials (Standard ERROR_LOGON_FAILURE Message):
* If User must change Password:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

* If User is not obliged to change password:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1


Good credentials, new password same as old:
------------------------------------------
** While connecting with Admin Principal:
[LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F80, #1:
0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

** While connecting with the User's credentials:
* If User must change Password:(Standard ERROR_PASSWORD_MUST_CHANGE Message):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

* If User is not obliged to change password:
[LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F80, #1:
0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)


Good credentials, good new password:
--------------------------------------
** While connecting with Admin Principal:
OK - No Error

** While connecting with the User's credentials:
* If User must change Password:(Standard ERROR_PASSWORD_MUST_CHANGE Message):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

* If User is not obliged to change password:
OK - No Error 
    • Related Articles

    • Display password complexity in AD

      How can I display the password complexity for a windows domain that is not using Fine-Grained password features ? Click on Start, Run, GPEDIT.MSC Go to computer config-----windows settings---security setting--account policy----passwd policy This will ...
    • User password expiration / lockouts in Microsoft Active Directory

      How can I show accounts that are locked out in AD ? http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx Can I dump password expiration for users in AD ? AdFind.exe to dump the password expiration. Stoneware download / Utilities has this ...
    • LDAP Error Codes

      AcceptSecurityContext error, data 52e means "bad password" AcceptSecurityContext error, data 525 means "bad user name" AcceptSecurityContext error, data 773 means "password expiring" or similar.  Standard error codes Standard LDAP errors Error / data ...
    • Change Password Reset URL

      Issue Customer would like to use their own password changing application instead of the one built into Unified Workspace. Solution To point the Reset Password link to a specific URL: Open webAdmin Dashboard. Expand Customization Center. Expand ...
    • Error authenticating during webNetwork startup.

      The customer gets an error when starting UW: INFO [com.stoneware.service.DirectoryManager]: We are creating an AD connection. FATAL [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.AuthenticationException: [LDAP: ...
    • Popular Articles

    • Configuring and Troubleshooting Wake on Lan

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in Configuring and Troubleshooting Wake on Lan.
    • Reporting server discovery

      The discovery of the reporting server is done automatically and cannot be configured by the end user.  The reporting server will broadcast on UDP 796 a packet containing the address of the reporting server.    - In a peer to peer environment, the ...
    • Registry Switches for Options

      Problem: What are the registry switches for the Options key? Solution(s): In the registry of the Teacher or Student machine, locate the following registry location and make changes to the key named Options: 32-bit:  HKLM\Software\Lanschool 64-bit:  ...
    • Configuring Enterprise Data Collection on the LCS

      Get even more from your classroom management solution with educator usage data. Determine whether or not LanSchool is effectively incorporated into the classroom on a school- or district-wide scale.  This guide will show you how to enable and ...
    • Creating a shortcut to Open Teacher Console

      Problem: How to create a Teacher Console shortcut on Windows. Cause: N/A Prerequisite(s):  LanSchool Teacher on Windows Solution(s): To create a shortcut and have the console popup in Windows.  To create a shortcut and send the LanSchool Teacher to ...
    • Recent Articles

    • X-Content-Type-Options=nosniff header breaks Public webApp

      Issue Customers have added security headers to their SSL Offloading appliance to meet new security standards.  Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code. Solution We've ...
    • Unified Workspace Support for Windows Server 2022

      Issue Is Windows Server 2022 supported by Unified Workspace? Solution We are still in full testing of UW on Windows Server 2022, however we are seeing that UW functions properly on Server 2022. The issue we have with Windows Server 2022 is that our ...
    • Log4J 1.x Vulnerability CVE-2021-4104

      Issue A vulnerability was discovered in Apache Log4j1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-4104 Solution Unified Workspace does use Log4J 1.2.16. This vulnerability ...
    • Log4J Vulnerability CVE-2021-44228

      Issue A vulnerability was discovered in Apache Log4j2. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-44228 Solution Unified Workspace does use Log4J 1.2.16. We have confirmed ...
    • Management Console non-directory credentials

      Question How can I access Unified Workspace if my directory credentials are not working? For example: We are having directory issues and need to configure Unified Workspace to connect to a different Directory Controller. Solution The Management ...