Remote Password Changing: Change password failed: Unknown. (ERROR_CANT_ACCESS_DOMAIN_INFO)
The domain error is deceptive because the built-in Windows method used to change a password takes either a machine name or a domain name, so if the machine is not found it assumes a domain was passed in and throws a domain error.
NOTE: The RPC process uses the information from the Secret, not a central configuration, to reset the password (Active Directory Configuration settings are used for user synchronization only), so ensure the information on the Secret is correct, including the Active Directory Domain.
Main Causes:
1) The machine name is wrong or abbreviated. For example: with thpair3 as the machine, this error was returned until the full machine name, thpair3.group.thycotic.com, was entered.
- Try entering the IP address of the machine and see if you still get the domain error.
2) The firewall is blocking the ports: port 135 for RPC, and port 445 for XP machines authentication.
- Monitor to see if the authentication is accepted on the machine by viewing the security log:
- Run secpol.msc from the Run prompt
- Click on Local Policies, Audit Policy
- Turn on "Audit account logon events" and "Audit logon events" for both Successes and Failures
- View the logs at Administrative Tools, Event Viewer, under Security Logs, to determine whether the requests are getting through to the computer
- The secret audit log looks different if the firewall denies the connection, and in some cases shows ERROR_ACCESS_DENIED
- Firewall settings also apply to changing passwords on the local machine that SecretServer is running on, because net authentication is used.
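Both main causes can be checked from the machine running Secret Server before retrying the password change. The PowerShell below is an added example, not part of the original article or of the product; `Test-RpcTarget` is a hypothetical helper name, and the sample machine names are the ones used in the example above.

```powershell
# Added example: checks the two main causes above from the machine running Secret Server.
# Test-RpcTarget is a hypothetical helper name, not a Secret Server or Windows cmdlet.
function Test-RpcTarget {
    param(
        [Parameter(Mandatory = $true)][string]$Machine,   # value from the Secret's machine field
        [int[]]$Ports = @(135, 445),                      # ports named in the article
        [int]$TimeoutMs = 3000
    )

    # Cause 1: the name does not resolve (wrong or abbreviated machine name).
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($Machine)
    } catch {
        return [pscustomobject]@{
            Machine = $Machine; Resolved = $false; Address = $null
            Port = $null; Reachable = $false
            Hint = 'Name did not resolve: try the full machine name or the IP address'
        }
    }
    $ip = $addresses | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
    if (-not $ip) { $ip = $addresses[0] }   # no IPv4 address, fall back to the first result

    # Cause 2: a firewall blocks the port. Attempt a TCP connect with a timeout.
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        try {
            $async = $client.BeginConnect($ip, $port, $null, $null)
            $open = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false
        } finally {
            $client.Close()
        }
        [pscustomobject]@{
            Machine = $Machine; Resolved = $true; Address = $ip.ToString()
            Port = $port; Reachable = $open
            Hint = if ($open) { 'OK' } else { 'Port closed or filtered: check firewall rules' }
        }
    }
}

# Constructed sample input: the short and full machine names from the article's example.
'thpair3', 'thpair3.group.thycotic.com' | ForEach-Object { Test-RpcTarget -Machine $_ } |
    Format-Table -AutoSize
```

A row with Resolved = False points at cause 1; a resolved name with Reachable = False on port 135 or 445 points at cause 2.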
Other Remote Password Changing Errors:
- Change password failed: Unknown. (NERR_PasswordPolicySettings)
- Cause: Repeating password, doesn't meet domain standards
- Change password failed: Unknown. (ERROR_ACCESS_DENIED)
- Cause: User set to Not Able to Change Password, firewall denial, login incorrect
- Change password failed: Unknown. (ERROR_INVALID_PASSWORD)
- Cause: Either the user does not exist (check that the usernames match) or the password is not correct
- Windows Account test: Change password failed: Unknown. (ERROR_ACCOUNT_LOCKED_OUT)
- Cause: User account is locked out
- DirectoryEntry.Invoke SetPassword - The network path was not found.
- Cause: Domain cannot be found from the computer. Check that the machine can ping the domain.
Article ID: 50, Created On: 8/20/2009, Modified: 4/4/2012