Thursday, March 12, 2009

It's been a while, huh?

Sorry about not posting for a while, but I've been tackling projects left and right, trying to shorten the list on my boss' desk.
So major issue broke out this morning: password changes in Active Directory were failing with error: 
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements
Even through command line, (net user /domain username password) the error persisted. So I tried the usual, editing default domain policy, allowing/blocking inheritance on Domain Controller's OU in GPMC, editing domain controller's policy, the usual stuff you find googling the error. (http://support.microsoft.com/?id=269236) Nothing worked... until, I noticed the same error in the application event log, over and over:
The description for Event ID ( 5 ) in Source ( WinPSAFilter ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
And I didn't notice that it started at about the same time users began reporting issues changing their passwords. Well, the WinPSAFilter belongs to our SSO product, Computer Associates, CA SSO.
Long story short, this software sucks. I uninstalled the Password Sync Agent from all of our DCs, and that was it. Password changes were now allowed.
Does anyone out there use this product? Have you had problems like this with it?
We were going to use it in a test environment, but have now decided that it just isn't going to work out.
I have another Cisco tip to post, but I'll post after work.
Rick Estrada

No comments:

Post a Comment

COMMENT GOES HERE: