Windows Vista Tips

Windows Vista Tips > Newsgroups > Windows Server > Active Directory > Can’t change password on Windows Server 2008.

Reply
Thread Tools Display Modes

Can’t change password on Windows Server 2008.

 
 
Piotr
Guest
Posts: n/a

 
      03-11-2010
Hi,
Could you help me to fix following issue please? I can’t find any solution.
I tried to change password when I’m logged over RDP (CTRL+ALT+END) to
Windows Server 2008 and whatever I do I’m getting error: “Unable to update
the password. The value provided for the new password does not meet the
length, complexity, or history requirements of the domain.”
But unfortunately it meets…..

So basically I run Result Set of Policy Wizard for the user and got:
Enforce password history 24 passwords remembered
Maximum password age Not Defined
Maximum password age Not Defined
Maximum password length 9 characters
Password must meet complexity requirements Enabled

And I’m using password like: Dkj%4fdd8 or DJfkj%43*432 so they obviously
meet rules (I tried even 25 chars). I also tried to change GPO and disabled
complexity and changed length – no luck.

As I completely built Server and AD I’m sure there is nothing unusual in
configuration. I also tried to reboot DC, login using couple of different
users, use different machines – no luck. Whatever I do I’m getting the same
error message for all users.

However I can change the password on Active Directory Users and Computer
without any problems. It even prompts me when password doesn’t meet
complexity requirements but if meet, it changes successfully.
I have Windows Server 2008 SP2 – up to date.

Has somebody had similar issue? Please help me as I almost lost hope…..

 
Reply With Quote
 
 
 
 
kj [SBS MVP]
Guest
Posts: n/a

 
      03-11-2010
Piotr wrote:
> Hi,
> Could you help me to fix following issue please? I can't find any
> solution. I tried to change password when I'm logged over RDP
> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> error: "Unable to update the password. The value provided for the new
> password does not meet the length, complexity, or history
> requirements of the domain."
> But unfortunately it meets...
>
> So basically I run Result Set of Policy Wizard for the user and got:
> Enforce password history 24 passwords remembered
> Maximum password age Not Defined
> Maximum password age Not Defined
> Maximum password length 9 characters
> Password must meet complexity requirements Enabled
>
> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> obviously meet rules (I tried even 25 chars). I also tried to change
> GPO and disabled complexity and changed length - no luck.
>
> As I completely built Server and AD I'm sure there is nothing unusual
> in configuration. I also tried to reboot DC, login using couple of
> different users, use different machines - no luck. Whatever I do I'm
> getting the same error message for all users.
>
> However I can change the password on Active Directory Users and
> Computer without any problems. It even prompts me when password
> doesn't meet complexity requirements but if meet, it changes
> successfully.
> I have Windows Server 2008 SP2 - up to date.
>
> Has somebody had similar issue? Please help me as I almost lost
> hope...


Besides the domain password policy, your user account *may be* subject to a
Fine Grained Password Policy setting (PSO) that I believe won't show up in
an RSOP.

Also (and more likely), Server 2008 "complexity" definitions now include
consecutive characters from the display name and account name
(Samaccountname) - What is the username and displayname of the account you
are having this problem with?



--
/kj


 
Reply With Quote
 
 
 
 
Piotr
Guest
Posts: n/a

 
      03-11-2010
Hi Santhosh,

Many thanks for your reply.

Unfortunately solution is not as easy. I'm sure my passwords meet all rules
in domain. It is enought complex, long, doesn't contain user name and is not
recorded in history. I used even random leters, numbers a chars and no result.

"Santhosh Sivarajan" wrote:

> When "Password must meet complexity requirements Enabled" policy setting is
> enabled, users must create strong passwords to meet the following minimum
> requirements:
>
> Passwords cannot contain the user's account name or parts of the user's full
> name that exceed two consecutive characters.
> Passwords must be at least six characters in length.
> Passwords must contain characters from three of the following four
> categories:
> English uppercase characters (A through Z).
> English lowercase characters (a through z).
> Base 10 digits (0 through 9).
> Non-alphabetic characters (for example, !, $, #, %).
>
> Make sure your password doesn't contain "the user's account name or parts of
> the user's full name that exceed two consecutive characters"
>
>
> --
> Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
> Houston, TX
> http://blogs.sivarajan.com/
> http://publications.sivarajan.com/
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Piotr" <> wrote in message
> news:90D0DAEC-BC6B-4C91-9B81-...
> > Hi,
> > Could you help me to fix following issue please? I can’t find any
> > solution.
> > I tried to change password when I’m logged over RDP (CTRL+ALT+END) to
> > Windows Server 2008 and whatever I do I’m getting error: “Unable to update
> > the password. The value provided for the new password does not meet the
> > length, complexity, or history requirements of the domain.”
> > But unfortunately it meets…..
> >
> > So basically I run Result Set of Policy Wizard for the user and got:
> > Enforce password history 24 passwords remembered
> > Maximum password age Not Defined
> > Maximum password age Not Defined
> > Maximum password length 9 characters
> > Password must meet complexity requirements Enabled
> >
> > And I’m using password like: Dkj%4fdd8 or DJfkj%43*432 so they obviously
> > meet rules (I tried even 25 chars). I also tried to change GPO and
> > disabled
> > complexity and changed length – no luck.
> >
> > As I completely built Server and AD I’m sure there is nothing unusual in
> > configuration. I also tried to reboot DC, login using couple of different
> > users, use different machines – no luck. Whatever I do I’m getting the
> > same
> > error message for all users.
> >
> > However I can change the password on Active Directory Users and Computer
> > without any problems. It even prompts me when password doesn’t meet
> > complexity requirements but if meet, it changes successfully.
> > I have Windows Server 2008 SP2 – up to date.
> >
> > Has somebody had similar issue? Please help me as I almost lost hope…..
> >

 
Reply With Quote
 
Piotr
Guest
Posts: n/a

 
      03-11-2010
Hi KJ,

Many thanks for your reply.

As I mentioned before system was created by me and I haven't implemented
Fine Granted Password Policy as one rule for my domain was enought.

This issue is realy strange. In last two years I installed around 20 systems
and never met something like that before...

"kj [SBS MVP]" wrote:

> Piotr wrote:
> > Hi,
> > Could you help me to fix following issue please? I can't find any
> > solution. I tried to change password when I'm logged over RDP
> > (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> > error: "Unable to update the password. The value provided for the new
> > password does not meet the length, complexity, or history
> > requirements of the domain."
> > But unfortunately it meets...
> >
> > So basically I run Result Set of Policy Wizard for the user and got:
> > Enforce password history 24 passwords remembered
> > Maximum password age Not Defined
> > Maximum password age Not Defined
> > Maximum password length 9 characters
> > Password must meet complexity requirements Enabled
> >
> > And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> > obviously meet rules (I tried even 25 chars). I also tried to change
> > GPO and disabled complexity and changed length - no luck.
> >
> > As I completely built Server and AD I'm sure there is nothing unusual
> > in configuration. I also tried to reboot DC, login using couple of
> > different users, use different machines - no luck. Whatever I do I'm
> > getting the same error message for all users.
> >
> > However I can change the password on Active Directory Users and
> > Computer without any problems. It even prompts me when password
> > doesn't meet complexity requirements but if meet, it changes
> > successfully.
> > I have Windows Server 2008 SP2 - up to date.
> >
> > Has somebody had similar issue? Please help me as I almost lost
> > hope...

>
> Besides the domain password policy, your user account *may be* subject to a
> Fine Grained Password Policy setting (PSO) that I believe won't show up in
> an RSOP.
>
> Also (and more likely), Server 2008 "complexity" definitions now include
> consecutive characters from the display name and account name
> (Samaccountname) - What is the username and displayname of the account you
> are having this problem with?
>
>
>
> --
> /kj
>
>
> .
>

 
Reply With Quote
 
kj [SBS MVP]
Guest
Posts: n/a

 
      03-11-2010
Piotr wrote:
> Hi KJ,
>
> Many thanks for your reply.
>
> As I mentioned before system was created by me and I haven't
> implemented Fine Granted Password Policy as one rule for my domain
> was enought.
>
> This issue is realy strange. In last two years I installed around 20
> systems and never met something like that before...


>> Maximum password length 9 characters


*Maximum password length* ? Huh



At one time there was a problem with minimum password age as undefined
instead of 0 or some other setting - but I though that was fixed.




>
> "kj [SBS MVP]" wrote:
>
>> Piotr wrote:
>>> Hi,
>>> Could you help me to fix following issue please? I can't find any
>>> solution. I tried to change password when I'm logged over RDP
>>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
>>> error: "Unable to update the password. The value provided for the
>>> new password does not meet the length, complexity, or history
>>> requirements of the domain."
>>> But unfortunately it meets...
>>>
>>> So basically I run Result Set of Policy Wizard for the user and got:
>>> Enforce password history 24 passwords remembered
>>> Maximum password age Not Defined
>>> Maximum password age Not Defined
>>> Maximum password length 9 characters
>>> Password must meet complexity requirements Enabled
>>>
>>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
>>> obviously meet rules (I tried even 25 chars). I also tried to change
>>> GPO and disabled complexity and changed length - no luck.
>>>
>>> As I completely built Server and AD I'm sure there is nothing
>>> unusual in configuration. I also tried to reboot DC, login using
>>> couple of different users, use different machines - no luck.
>>> Whatever I do I'm getting the same error message for all users.
>>>
>>> However I can change the password on Active Directory Users and
>>> Computer without any problems. It even prompts me when password
>>> doesn't meet complexity requirements but if meet, it changes
>>> successfully.
>>> I have Windows Server 2008 SP2 - up to date.
>>>
>>> Has somebody had similar issue? Please help me as I almost lost
>>> hope...

>>
>> Besides the domain password policy, your user account *may be*
>> subject to a Fine Grained Password Policy setting (PSO) that I
>> believe won't show up in an RSOP.
>>
>> Also (and more likely), Server 2008 "complexity" definitions now
>> include consecutive characters from the display name and account name
>> (Samaccountname) - What is the username and displayname of the
>> account you are having this problem with?
>>
>>
>>
>> --
>> /kj
>>
>>
>> .


--
/kj


 
Reply With Quote
 
Piotr
Guest
Posts: n/a

 
      03-11-2010
You saved my life :-)

FYI it is not fixed, I defined min and max password age to 0 and it started
to work…

Thanks a lot!


"kj [SBS MVP]" wrote:

> Piotr wrote:
> > Hi KJ,
> >
> > Many thanks for your reply.
> >
> > As I mentioned before system was created by me and I haven't
> > implemented Fine Granted Password Policy as one rule for my domain
> > was enought.
> >
> > This issue is realy strange. In last two years I installed around 20
> > systems and never met something like that before...

>
> >> Maximum password length 9 characters

>
> *Maximum password length* ? Huh
>
>
>
> At one time there was a problem with minimum password age as undefined
> instead of 0 or some other setting - but I though that was fixed.
>
>
>
>
> >
> > "kj [SBS MVP]" wrote:
> >
> >> Piotr wrote:
> >>> Hi,
> >>> Could you help me to fix following issue please? I can't find any
> >>> solution. I tried to change password when I'm logged over RDP
> >>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> >>> error: "Unable to update the password. The value provided for the
> >>> new password does not meet the length, complexity, or history
> >>> requirements of the domain."
> >>> But unfortunately it meets...
> >>>
> >>> So basically I run Result Set of Policy Wizard for the user and got:
> >>> Enforce password history 24 passwords remembered
> >>> Maximum password age Not Defined
> >>> Maximum password age Not Defined
> >>> Maximum password length 9 characters
> >>> Password must meet complexity requirements Enabled
> >>>
> >>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> >>> obviously meet rules (I tried even 25 chars). I also tried to change
> >>> GPO and disabled complexity and changed length - no luck.
> >>>
> >>> As I completely built Server and AD I'm sure there is nothing
> >>> unusual in configuration. I also tried to reboot DC, login using
> >>> couple of different users, use different machines - no luck.
> >>> Whatever I do I'm getting the same error message for all users.
> >>>
> >>> However I can change the password on Active Directory Users and
> >>> Computer without any problems. It even prompts me when password
> >>> doesn't meet complexity requirements but if meet, it changes
> >>> successfully.
> >>> I have Windows Server 2008 SP2 - up to date.
> >>>
> >>> Has somebody had similar issue? Please help me as I almost lost
> >>> hope...
> >>
> >> Besides the domain password policy, your user account *may be*
> >> subject to a Fine Grained Password Policy setting (PSO) that I
> >> believe won't show up in an RSOP.
> >>
> >> Also (and more likely), Server 2008 "complexity" definitions now
> >> include consecutive characters from the display name and account name
> >> (Samaccountname) - What is the username and displayname of the
> >> account you are having this problem with?
> >>
> >>
> >>
> >> --
> >> /kj
> >>
> >>
> >> .

>
> --
> /kj
>
>
> .
>

 
Reply With Quote
 
kj [SBS MVP]
Guest
Posts: n/a

 
      03-11-2010
Piotr wrote:
> You saved my life :-)
>
> FYI it is not fixed, I defined min and max password age to 0 and it
> started to work.
>
> Thanks a lot!
>


Pleased to be of help.

/kj ( today "the blind squirrel" )

>
> "kj [SBS MVP]" wrote:
>
>> Piotr wrote:
>>> Hi KJ,
>>>
>>> Many thanks for your reply.
>>>
>>> As I mentioned before system was created by me and I haven't
>>> implemented Fine Granted Password Policy as one rule for my domain
>>> was enought.
>>>
>>> This issue is realy strange. In last two years I installed around 20
>>> systems and never met something like that before...

>>
>>>> Maximum password length 9 characters

>>
>> *Maximum password length* ? Huh
>>
>>
>>
>> At one time there was a problem with minimum password age as
>> undefined instead of 0 or some other setting - but I though that was
>> fixed.
>>
>>
>>
>>
>>>
>>> "kj [SBS MVP]" wrote:
>>>
>>>> Piotr wrote:
>>>>> Hi,
>>>>> Could you help me to fix following issue please? I can't find any
>>>>> solution. I tried to change password when I'm logged over RDP
>>>>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm
>>>>> getting error: "Unable to update the password. The value provided
>>>>> for the new password does not meet the length, complexity, or
>>>>> history requirements of the domain."
>>>>> But unfortunately it meets...
>>>>>
>>>>> So basically I run Result Set of Policy Wizard for the user and
>>>>> got: Enforce password history 24 passwords remembered
>>>>> Maximum password age Not Defined
>>>>> Maximum password age Not Defined
>>>>> Maximum password length 9 characters
>>>>> Password must meet complexity requirements Enabled
>>>>>
>>>>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
>>>>> obviously meet rules (I tried even 25 chars). I also tried to
>>>>> change GPO and disabled complexity and changed length - no luck.
>>>>>
>>>>> As I completely built Server and AD I'm sure there is nothing
>>>>> unusual in configuration. I also tried to reboot DC, login using
>>>>> couple of different users, use different machines - no luck.
>>>>> Whatever I do I'm getting the same error message for all users.
>>>>>
>>>>> However I can change the password on Active Directory Users and
>>>>> Computer without any problems. It even prompts me when password
>>>>> doesn't meet complexity requirements but if meet, it changes
>>>>> successfully.
>>>>> I have Windows Server 2008 SP2 - up to date.
>>>>>
>>>>> Has somebody had similar issue? Please help me as I almost lost
>>>>> hope...
>>>>
>>>> Besides the domain password policy, your user account *may be*
>>>> subject to a Fine Grained Password Policy setting (PSO) that I
>>>> believe won't show up in an RSOP.
>>>>
>>>> Also (and more likely), Server 2008 "complexity" definitions now
>>>> include consecutive characters from the display name and account
>>>> name (Samaccountname) - What is the username and displayname of the
>>>> account you are having this problem with?
>>>>
>>>>
>>>>
>>>> --
>>>> /kj
>>>>
>>>>
>>>> .

>>
>> --
>> /kj
>>
>>
>> .


--
/kj


 
Reply With Quote
 
Junior Member
Join Date: Aug 2010
Posts: 1

 
      08-11-2010
Min password 0, Max password 0, worked for me too! Thx
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"User must change password at next logon" grayed out on password f NickR Windows Small Business Server 15 12-12-2006 10:58 PM
password issue - can't change at client - can change at server Pedro Leite Windows Small Business Server 2 04-20-2006 10:08 AM
No password expiration message/Can't change password jberlin Windows Small Business Server 19 09-01-2005 12:43 AM
Password never expires-can't force user to change password Marsha Active Directory 15 01-11-2005 04:07 PM
With the domain administrador password I can't change the local administrator password of a client XP. Charles Windows Small Business Server 12 04-11-2004 03:49 AM