Password can be verified but not changed on a Windows computer with a 'Windows Remote' target application.
Article ID: 116607
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
I need to verify and change the password of the local Administrator account on the windows servers.
After creating the proper 'Windows Remote' target application and target account, the password can be verified but not changed.
Looking at the catalina.out file the following error message appears:
SEVERE: UpdateTargetAccountCmd.invoke 15616: machine <ComputerName> rejected the password change: Error was : Password restriction.
After creating the proper 'Windows Remote' target application and target account, the password can be verified but not changed.
Looking at the catalina.out file the following error message appears:
SEVERE: UpdateTargetAccountCmd.invoke 15616: machine <ComputerName> rejected the password change: Error was : Password restriction.
Environment
Any Virtual or Hardware appliance running PAM server 3.x or above.
Cause
There is a local policy on <ComputerName> with a password complexity harder that the provided password.
Resolution
In order to solve this problem both criteria have to match, so you can either:
- Make the PAM Password Composition Policy match the complexity defined on the Windows computer local password policy.
- Make the complexity defined on the Windows computer local password policy match the PAM Password Composition Policy.
Additional Information
Feedback
Yes
No
Powered by
