Can’t change password on Windows Server 2008.

Hi,
Could you help me to fix following issue please? I can’t find any solution.
I tried to change password when I’m logged over RDP (CTRL+ALT+END) to
Windows Server 2008 and whatever I do I’m getting error: “Unable to update
the password. The value provided for the new password does not meet the
length, complexity, or history requirements of the domain.�
But unfortunately it meets…..

So basically I run Result Set of Policy Wizard for the user and got:
Enforce password history 24 passwords remembered
Maximum password age Not Defined
Maximum password age Not Defined
Maximum password length 9 characters
Password must meet complexity requirements Enabled

And I’m using password like: Dkj%4fdd8 or DJfkj%43*432 so they obviously
meet rules (I tried even 25 chars). I also tried to change GPO and disabled
complexity and changed length – no luck.

As I completely built Server and AD I’m sure there is nothing unusual in
configuration. I also tried to reboot DC, login using couple of different
users, use different machines – no luck. Whatever I do I’m getting the same
error message for all users.

However I can change the password on Active Directory Users and Computer
without any problems. It even prompts me when password doesn’t meet
complexity requirements but if meet, it changes successfully.
I have Windows Server 2008 SP2 – up to date.

Has somebody had similar issue? Please help me as I almost lost hope…..

Piotr wrote:
> Hi,
> Could you help me to fix following issue please? I can't find any
> solution. I tried to change password when I'm logged over RDP
> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> error: "Unable to update the password. The value provided for the new
> password does not meet the length, complexity, or history
> requirements of the domain."
> But unfortunately it meets...
>
> So basically I run Result Set of Policy Wizard for the user and got:
> Enforce password history 24 passwords remembered
> Maximum password age Not Defined
> Maximum password age Not Defined
> Maximum password length 9 characters
> Password must meet complexity requirements Enabled
>
> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> obviously meet rules (I tried even 25 chars). I also tried to change
> GPO and disabled complexity and changed length - no luck.
>
> As I completely built Server and AD I'm sure there is nothing unusual
> in configuration. I also tried to reboot DC, login using couple of
> different users, use different machines - no luck. Whatever I do I'm
> getting the same error message for all users.
>
> However I can change the password on Active Directory Users and
> Computer without any problems. It even prompts me when password
> doesn't meet complexity requirements but if meet, it changes
> successfully.
> I have Windows Server 2008 SP2 - up to date.
>
> Has somebody had similar issue? Please help me as I almost lost
> hope...

Besides the domain password policy, your user account *may be* subject to a
Fine Grained Password Policy setting (PSO) that I believe won't show up in
an RSOP.

Also (and more likely), Server 2008 "complexity" definitions now include
consecutive characters from the display name and account name
(Samaccountname) - What is the username and displayname of the account you
are having this problem with?



--
/kj

Hi Santhosh,

Many thanks for your reply.

Unfortunately solution is not as easy. I'm sure my passwords meet all rules
in domain. It is enought complex, long, doesn't contain user name and is not
recorded in history. I used even random leters, numbers a chars and no result.

"Santhosh Sivarajan" wrote:

> When "Password must meet complexity requirements Enabled" policy setting is
> enabled, users must create strong passwords to meet the following minimum
> requirements:
>
> Passwords cannot contain the user's account name or parts of the user's full
> name that exceed two consecutive characters.
> Passwords must be at least six characters in length.
> Passwords must contain characters from three of the following four
> categories:
> English uppercase characters (A through Z).
> English lowercase characters (a through z).
> Base 10 digits (0 through 9).
> Non-alphabetic characters (for example, !, $, #, %).
>
> Make sure your password doesn't contain "the user's account name or parts of
> the user's full name that exceed two consecutive characters"
>
>
> --
> Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
> Houston, TX
> http://blogs.sivarajan.com/
> http://publications.sivarajan.com/
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Piotr" <> wrote in message
> news:90D0DAEC-BC6B-4C91-9B81-...
> > Hi,
> > Could you help me to fix following issue please? I can’t find any
> > solution.
> > I tried to change password when I’m logged over RDP (CTRL+ALT+END) to
> > Windows Server 2008 and whatever I do I’m getting error: “Unable to update
> > the password. The value provided for the new password does not meet the
> > length, complexity, or history requirements of the domain.�
> > But unfortunately it meets…..
> >
> > So basically I run Result Set of Policy Wizard for the user and got:
> > Enforce password history 24 passwords remembered
> > Maximum password age Not Defined
> > Maximum password age Not Defined
> > Maximum password length 9 characters
> > Password must meet complexity requirements Enabled
> >
> > And I’m using password like: Dkj%4fdd8 or DJfkj%43*432 so they obviously
> > meet rules (I tried even 25 chars). I also tried to change GPO and
> > disabled
> > complexity and changed length – no luck.
> >
> > As I completely built Server and AD I’m sure there is nothing unusual in
> > configuration. I also tried to reboot DC, login using couple of different
> > users, use different machines – no luck. Whatever I do I’m getting the
> > same
> > error message for all users.
> >
> > However I can change the password on Active Directory Users and Computer
> > without any problems. It even prompts me when password doesn’t meet
> > complexity requirements but if meet, it changes successfully.
> > I have Windows Server 2008 SP2 – up to date.
> >
> > Has somebody had similar issue? Please help me as I almost lost hope…..
> >

Hi KJ,

Many thanks for your reply.

As I mentioned before system was created by me and I haven't implemented
Fine Granted Password Policy as one rule for my domain was enought.

This issue is realy strange. In last two years I installed around 20 systems
and never met something like that before...

"kj [SBS MVP]" wrote:

> Piotr wrote:
> > Hi,
> > Could you help me to fix following issue please? I can't find any
> > solution. I tried to change password when I'm logged over RDP
> > (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> > error: "Unable to update the password. The value provided for the new
> > password does not meet the length, complexity, or history
> > requirements of the domain."
> > But unfortunately it meets...
> >
> > So basically I run Result Set of Policy Wizard for the user and got:
> > Enforce password history 24 passwords remembered
> > Maximum password age Not Defined
> > Maximum password age Not Defined
> > Maximum password length 9 characters
> > Password must meet complexity requirements Enabled
> >
> > And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> > obviously meet rules (I tried even 25 chars). I also tried to change
> > GPO and disabled complexity and changed length - no luck.
> >
> > As I completely built Server and AD I'm sure there is nothing unusual
> > in configuration. I also tried to reboot DC, login using couple of
> > different users, use different machines - no luck. Whatever I do I'm
> > getting the same error message for all users.
> >
> > However I can change the password on Active Directory Users and
> > Computer without any problems. It even prompts me when password
> > doesn't meet complexity requirements but if meet, it changes
> > successfully.
> > I have Windows Server 2008 SP2 - up to date.
> >
> > Has somebody had similar issue? Please help me as I almost lost
> > hope...
>
> Besides the domain password policy, your user account *may be* subject to a
> Fine Grained Password Policy setting (PSO) that I believe won't show up in
> an RSOP.
>
> Also (and more likely), Server 2008 "complexity" definitions now include
> consecutive characters from the display name and account name
> (Samaccountname) - What is the username and displayname of the account you
> are having this problem with?
>
>
>
> --
> /kj
>
>
> .
>

Piotr wrote:
> Hi KJ,
>
> Many thanks for your reply.
>
> As I mentioned before system was created by me and I haven't
> implemented Fine Granted Password Policy as one rule for my domain
> was enought.
>
> This issue is realy strange. In last two years I installed around 20
> systems and never met something like that before...

>> Maximum password length 9 characters

*Maximum password length* ? Huh



At one time there was a problem with minimum password age as undefined
instead of 0 or some other setting - but I though that was fixed.




>
> "kj [SBS MVP]" wrote:
>
>> Piotr wrote:
>>> Hi,
>>> Could you help me to fix following issue please? I can't find any
>>> solution. I tried to change password when I'm logged over RDP
>>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
>>> error: "Unable to update the password. The value provided for the
>>> new password does not meet the length, complexity, or history
>>> requirements of the domain."
>>> But unfortunately it meets...
>>>
>>> So basically I run Result Set of Policy Wizard for the user and got:
>>> Enforce password history 24 passwords remembered
>>> Maximum password age Not Defined
>>> Maximum password age Not Defined
>>> Maximum password length 9 characters
>>> Password must meet complexity requirements Enabled
>>>
>>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
>>> obviously meet rules (I tried even 25 chars). I also tried to change
>>> GPO and disabled complexity and changed length - no luck.
>>>
>>> As I completely built Server and AD I'm sure there is nothing
>>> unusual in configuration. I also tried to reboot DC, login using
>>> couple of different users, use different machines - no luck.
>>> Whatever I do I'm getting the same error message for all users.
>>>
>>> However I can change the password on Active Directory Users and
>>> Computer without any problems. It even prompts me when password
>>> doesn't meet complexity requirements but if meet, it changes
>>> successfully.
>>> I have Windows Server 2008 SP2 - up to date.
>>>
>>> Has somebody had similar issue? Please help me as I almost lost
>>> hope...
>>
>> Besides the domain password policy, your user account *may be*
>> subject to a Fine Grained Password Policy setting (PSO) that I
>> believe won't show up in an RSOP.
>>
>> Also (and more likely), Server 2008 "complexity" definitions now
>> include consecutive characters from the display name and account name
>> (Samaccountname) - What is the username and displayname of the
>> account you are having this problem with?
>>
>>
>>
>> --
>> /kj
>>
>>
>> .

--
/kj

You saved my life :-)

FYI it is not fixed, I defined min and max password age to 0 and it started
to work…

Thanks a lot!


"kj [SBS MVP]" wrote:

> Piotr wrote:
> > Hi KJ,
> >
> > Many thanks for your reply.
> >
> > As I mentioned before system was created by me and I haven't
> > implemented Fine Granted Password Policy as one rule for my domain
> > was enought.
> >
> > This issue is realy strange. In last two years I installed around 20
> > systems and never met something like that before...
>
> >> Maximum password length 9 characters
>
> *Maximum password length* ? Huh
>
>
>
> At one time there was a problem with minimum password age as undefined
> instead of 0 or some other setting - but I though that was fixed.
>
>
>
>
> >
> > "kj [SBS MVP]" wrote:
> >
> >> Piotr wrote:
> >>> Hi,
> >>> Could you help me to fix following issue please? I can't find any
> >>> solution. I tried to change password when I'm logged over RDP
> >>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm getting
> >>> error: "Unable to update the password. The value provided for the
> >>> new password does not meet the length, complexity, or history
> >>> requirements of the domain."
> >>> But unfortunately it meets...
> >>>
> >>> So basically I run Result Set of Policy Wizard for the user and got:
> >>> Enforce password history 24 passwords remembered
> >>> Maximum password age Not Defined
> >>> Maximum password age Not Defined
> >>> Maximum password length 9 characters
> >>> Password must meet complexity requirements Enabled
> >>>
> >>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
> >>> obviously meet rules (I tried even 25 chars). I also tried to change
> >>> GPO and disabled complexity and changed length - no luck.
> >>>
> >>> As I completely built Server and AD I'm sure there is nothing
> >>> unusual in configuration. I also tried to reboot DC, login using
> >>> couple of different users, use different machines - no luck.
> >>> Whatever I do I'm getting the same error message for all users.
> >>>
> >>> However I can change the password on Active Directory Users and
> >>> Computer without any problems. It even prompts me when password
> >>> doesn't meet complexity requirements but if meet, it changes
> >>> successfully.
> >>> I have Windows Server 2008 SP2 - up to date.
> >>>
> >>> Has somebody had similar issue? Please help me as I almost lost
> >>> hope...
> >>
> >> Besides the domain password policy, your user account *may be*
> >> subject to a Fine Grained Password Policy setting (PSO) that I
> >> believe won't show up in an RSOP.
> >>
> >> Also (and more likely), Server 2008 "complexity" definitions now
> >> include consecutive characters from the display name and account name
> >> (Samaccountname) - What is the username and displayname of the
> >> account you are having this problem with?
> >>
> >>
> >>
> >> --
> >> /kj
> >>
> >>
> >> .
>
> --
> /kj
>
>
> .
>

Piotr wrote:
> You saved my life :-)
>
> FYI it is not fixed, I defined min and max password age to 0 and it
> started to work.
>
> Thanks a lot!
>

Pleased to be of help.

/kj ( today "the blind squirrel" )

>
> "kj [SBS MVP]" wrote:
>
>> Piotr wrote:
>>> Hi KJ,
>>>
>>> Many thanks for your reply.
>>>
>>> As I mentioned before system was created by me and I haven't
>>> implemented Fine Granted Password Policy as one rule for my domain
>>> was enought.
>>>
>>> This issue is realy strange. In last two years I installed around 20
>>> systems and never met something like that before...
>>
>>>> Maximum password length 9 characters
>>
>> *Maximum password length* ? Huh
>>
>>
>>
>> At one time there was a problem with minimum password age as
>> undefined instead of 0 or some other setting - but I though that was
>> fixed.
>>
>>
>>
>>
>>>
>>> "kj [SBS MVP]" wrote:
>>>
>>>> Piotr wrote:
>>>>> Hi,
>>>>> Could you help me to fix following issue please? I can't find any
>>>>> solution. I tried to change password when I'm logged over RDP
>>>>> (CTRL+ALT+END) to Windows Server 2008 and whatever I do I'm
>>>>> getting error: "Unable to update the password. The value provided
>>>>> for the new password does not meet the length, complexity, or
>>>>> history requirements of the domain."
>>>>> But unfortunately it meets...
>>>>>
>>>>> So basically I run Result Set of Policy Wizard for the user and
>>>>> got: Enforce password history 24 passwords remembered
>>>>> Maximum password age Not Defined
>>>>> Maximum password age Not Defined
>>>>> Maximum password length 9 characters
>>>>> Password must meet complexity requirements Enabled
>>>>>
>>>>> And I'm using password like: Dkj%4fdd8 or DJfkj%43*432 so they
>>>>> obviously meet rules (I tried even 25 chars). I also tried to
>>>>> change GPO and disabled complexity and changed length - no luck.
>>>>>
>>>>> As I completely built Server and AD I'm sure there is nothing
>>>>> unusual in configuration. I also tried to reboot DC, login using
>>>>> couple of different users, use different machines - no luck.
>>>>> Whatever I do I'm getting the same error message for all users.
>>>>>
>>>>> However I can change the password on Active Directory Users and
>>>>> Computer without any problems. It even prompts me when password
>>>>> doesn't meet complexity requirements but if meet, it changes
>>>>> successfully.
>>>>> I have Windows Server 2008 SP2 - up to date.
>>>>>
>>>>> Has somebody had similar issue? Please help me as I almost lost
>>>>> hope...
>>>>
>>>> Besides the domain password policy, your user account *may be*
>>>> subject to a Fine Grained Password Policy setting (PSO) that I
>>>> believe won't show up in an RSOP.
>>>>
>>>> Also (and more likely), Server 2008 "complexity" definitions now
>>>> include consecutive characters from the display name and account
>>>> name (Samaccountname) - What is the username and displayname of the
>>>> account you are having this problem with?
>>>>
>>>>
>>>>
>>>> --
>>>> /kj
>>>>
>>>>
>>>> .
>>
>> --
>> /kj
>>
>>
>> .

--
/kj

Min password 0, Max password 0, worked for me too! Thx