Unable to change Universal Password Error 0xfffffec1 "Access Denied"
This document (7011585) is provided subject to the disclaimer at the end of this document.
Novell Modular Authentication Service version 2.3
Nsure Identity Manager 2.0
Password Policy set to require unique passwords
Option chosen to "limit the number of passwords to store in the history list"
Error -1696 changing Universal Password through Portal
Error 632 (system failure) changing Universal Password in ConsoleOne
When changing the password with the NetWare client, the following error is returned: "The attempt to change the password failed. The error code was 0xfffffec1 (-319).
In iManager -> Password Management -> Set Universal Password, the following error is returned: "Error: Password error The Set Password request failed."
In iManager -> eDirectory Administration -> Modify Object -> Restrictions tab on a user -> Set Password, the following error is returned: "Error: NDS Error -632 (Error -632) Unexpected results have occurred.
If the number of passwords to store is set to 3, an error will be returned when attempting to set the fourth password.
Working as designed. Once the password history is full then the user is not allowed to change the password until a password in the password history has expired. This is to prevent a user from changing the password until the old password is no longer in the password history so that he/she can use it again.
This is commonly seen when the password policy does not have a value listed for "Remove password from history list after: " and the password has been changed several times before the password is set to expired according to the "Number of days before password expires" in the password policy. Not the password expiration date for the user. If no value is set for "Remove password from history list after: "and the password history is full, the -1696 error will be returned in an NMAS trace.
If unique passwords are required and the option is chosen to "limit the number of passwords to store in the history list,"
On the remote loader trace (level 3) of a connected system (AD is used in this example), the following error is seen when trying to set the password in the connected system and sync it to eDir:
DirXML Log Event -------------------
Formerly known as TID# 10092158
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7011585
- Creation Date:07-JAN-13
- Modified Date:07-JAN-13
- NovellNMAS (Modular Authentication Service)ClientOpen Enterprise ServerOpen Workgroup Suite - Small Business Edition (NOWS SBE)
- SUSESUSE Linux Enterprise Server
Did this document solve your problem? Provide Feedback