
Microsoft updates are breaking the change password functionality

description

Hi,

Thank you for doing this project. I looked at the source; it is clean and nicely done!

Sorry to say, but I need to report an issue. I tried to install it on a test server and was not able to change the password, with the following error:

The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. (Exception from HRESULT: 0x800704F1)
System.DirectoryServices.AccountManagement.PrincipalOperationException
System.Runtime.InteropServices.COMException (0x800704F1): The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. (Exception from HRESULT: 0x800704F1)

I tried to search the internet for this error and found that two recent Microsoft updates (KB3177108 and KB3167679, installed 11 August 2016) have changed the functionality for the "change password".
Here is the link to the page:
http://en.community.dell.com/techcenter/iam/f/4991/t/19988817

Is there a better solution?

Thank you in advance for investigation!

comments

jasjitchopra wrote Aug 17, 2016 at 3:30 PM

So apparently Microsoft blocked the NTLM protocol with that update, which was being used by my code by default to change the password. I am afraid I am busy with other projects and I am not sure when I will get the time to fix this and make it work with Kerberos.

If you can find some ASP.NET code that works with Kerberos, please point me to it; it might help me fix this faster.

jasjitchopra wrote Sep 5, 2016 at 10:41 PM

I just updated my test DC (Windows 2012 R2) with these KB articles and the solution still works for me.

Can you check if your firewall between SP servers and DC allows proper Kerberos authentication or not?

Also, are these updates breaking because the patch is installed on the SP server, or just the DC, or both places?

rspataru9 wrote Sep 6, 2016 at 12:37 PM

As you pointed out, this issue is about the NTLM protocol that was broken by these KB updates.
These KB updates are installed only on the DC (Windows 2012 R2) and I don't have any firewall between servers. I am glad that it is working with the Kerberos protocol. When I have time, I will try to migrate from NTLM to Kerberos.
Thank you for investigating this issue!

deimos1986 wrote Nov 17, 2016 at 1:22 PM

I have the same issue, but some passwords work well. It looks like the error occurs if I input a password that violates historical restrictions.