[Solved] unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain
Few days back one of my client called me saying that, domain users cannot change their password when they required. Every time they try to change the password, they have been facing issue like below snapshot.
“unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.”
On the beginning analysis, I thought the user haven’t provide the new password that meets the requirement of the policy. So, tried with something complex which include Alphanumeric character with symbols. Even providing the most complex password, error has been appearing same for me too. As the error, has been prompting, I tried to check the event viewer if I could find some error regarding this. But no luck. After that I went to check the password policy for the domain controller, if there was something wrong on it. Looking over the password policy I found it good and as expected on below snapshot. Now the problem is why the heck, I cannot change password for the user. And during all these times strange thing was, Administrator (Domain Administrator) was able to reset the user password and if there is check on ‘change password on next logon’ user was able to change their password.
Now the thing is, what could be the issue???? I was stuck here… Suddenly, I thought of checking the domain DCDIAG all the domain controller on the environment. And that was luck… :D, I found the error of DFSR and KCC on one of Domain controller as of below.
“Starting test: DFSREvent
The event log DFS Replication on server Domain fqdn
could not be queried, error 0x6ba “The RPC server is unavailable.”
……………………. Domain Fqdn failed test DFSREvent
Starting test: SysVolCheck
……………………. DOMAIN FQDN passed test SysVolCheck
Starting test: KccEvent
The event log Directory Service on server DOMAIN FQDN
could not be queried, error 0x6ba “The RPC server is unavailable.”
……………………. DOMAIN FQDN failed test KccEvent “
So, I tried with fixing the error I have been getting on. Since that Domain Controller was on the DR site, I found some port were missing on the firewall side to communicate. There I added those ports and established the proper replication across all the domain controller.
Bingo… it worked… so culprit was the replication issue. It seems weird, but occurred to me. J Hope this is helpful to you all.
![[How to] Import AD users on Exchange server](/wp-content/themes/ribbon-lite/images/nothumb-related.png)
[How to] Import AD users on Exchange server
Integrated XP on Windows 7….
Mastering Identity Protection and Risk Detection with Azure AD: Features, Benefits, and Implementation Steps
About Author
pdhewjau
Prashant is a Principal Cybersecurity Specialist at Thakral One Nepal. His prior position as a Modern Work Security Specialist at Microsoft saw him providing invaluable guidance to major clients in Bangladesh, Brunei, Cambodia, and Myanmar, assisting them with their foundational security needs. Awarded the esteemed Microsoft Most Valuable Professional (MVP) accolade in 2017, Prashant is recognized globally among Microsoft peers. Since 2010, he has imparted his expertise as a Microsoft Certified Trainer (MCT), conducting specialized training across Nepal.
Add a Comment
This site uses Akismet to reduce spam. Learn how your comment data is processed.
I have same problem, yesterday changed la inWindows 10 pro stand alone machine, 2nd admin account. Today no way to log in with jotted down new password. The the 3 questions to reset password apparently answered correctly, but on keying in new password, bang, that odd non compliant password error message. I just halted post grad studies. From the answer above I think some kind of remote access was taking place, but no longer student, whoever at uni erased my student account, they don’t ‘tidy up’ those ports on their side, and leave my computer thinking it’s part of some domain, yet it is no more.