Error changing AD Password

Error changing AD Password

The user is trying to change their password via the portal and is getting an error that the Directory Services was unable to change the password.

The following error shows on the loader console :

DEBUG [com.stoneware.service.public.Core.changePassword]: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org: userAccountControl = 200
DEBUG [com.stoneware.service.public.Core.changePassword]: The minimum password age is: 0
ERROR [com.stoneware.service.public.Core.changePassword]: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org: user flagged ’User cannot change password’
ERROR [com.stoneware.service.public.Core.changePassword]: Unable to change password: CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1:
0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
]; remaining name ’CN=testpasschange,OU=portal,dc=xxx,dc=xxx,dc=xxx,dc=org’ 


This means that you did not conform to password requirements. Active Directory password policy is enforcing password history, minimum password length, minimum password age or password complexity, then this will raise the LDAP Error Code 19 (invalid attribute exception), with an Active Directory problem code of 1005.


Another error code that means the same thing is :

javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000056: AtrErr: DSID-03190F00, #1:
0: 00000056: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)


Some other common LDAP errors dealing with password change problems.

Wrong Old Password while trying changePassword:
-----------------------------------------------
** While connecting with Admin Principal:
[LDAP: error code 19 - 00000056: AtrErr: DSID-03190F80, #1:
0: 00000056: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

** While connecting with the User's credentials (Standard ERROR_LOGON_FAILURE Message):
* If User must change Password:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

* If User is not obliged to change password:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1


Good credentials, new password same as old:
------------------------------------------
** While connecting with Admin Principal:
[LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F80, #1:
0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

** While connecting with the User's credentials:
* If User must change Password:(Standard ERROR_PASSWORD_MUST_CHANGE Message):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

* If User is not obliged to change password:
[LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F80, #1:
0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)


Good credentials, good new password:
--------------------------------------
** While connecting with Admin Principal:
OK - No Error

** While connecting with the User's credentials:
* If User must change Password:(Standard ERROR_PASSWORD_MUST_CHANGE Message):
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

* If User is not obliged to change password:
OK - No Error 

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...
      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...
      • Related Articles

      • Display password complexity in AD

        How can I display the password complexity for a windows domain that is not using Fine-Grained password features ? Click on Start, Run, GPEDIT.MSC Go to computer config-----windows settings---security setting--account policy----passwd policy This will ...
      • LDAP Error Codes

        AcceptSecurityContext error, data 52e means "bad password" AcceptSecurityContext error, data 525 means "bad user name" AcceptSecurityContext error, data 773 means "password expiring" or similar.  Standard error codes Standard LDAP errors Error / data ...
      • User password expiration / lockouts in Microsoft Active Directory

        How can I show accounts that are locked out in AD ? http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx Can I dump password expiration for users in AD ? AdFind.exe to dump the password expiration. Stoneware download / Utilities has this ...
      • Error authenticating during webNetwork startup.

        The customer gets an error when starting UW: INFO [com.stoneware.service.DirectoryManager]: We are creating an AD connection. FATAL [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.AuthenticationException: [LDAP: ...
      • Error when creating a new user

        Getting error: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F   This means either you did not have a password that matches the AD password policy rules or you do not have SSL enabled on the directory services tab in the ...