Force Password Change Sometimes does Not Work
search cancel

Force Password Change Sometimes does Not Work


Article ID: 6331


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When a user is forced to change  his password. He is redirected to the change password page. Once submit old/new password we are getting the following errors in the policy server traces:

[03/14/2017][14:37:18.115][14:37:18][2284][2984][plugin_AD.cpp:451][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00880] (SetUserProp) DN: 'xxyyzz', PropName: 'unicodePwd', PropValue: '****' . Status: Error 19 . Constraint Violation][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]


Policy Server Version: 12.51; Update: 00.00; Build: 905; CR: 00; on Windows 2008 R2


Enhanced AD integration is enabled, which means that the AD password policy was being applied to the user. There was no password policy defined for the User Directory in Siteminder.

In AD Policy, the minimum password age was set to 1 day which, in this case  did not permit the password change as the password was not older than 1 day.


You have to modify AD password policy as per your needs as product is working as designed and trust AD to manage password change (Enhanced AD integration is enabled)

Additional Information

If there are other constaints on the AD policy you may have the same error message and users will not be able to change their password.