IBM Support

Notes Single Logon Password Synchronization failed after Windows password change is unsuccessful

Technote (troubleshooting)


Problem

Notes Single Logon (NSL) password synchronization fails after a Windows password change is unsuccessful for an OS password policy reason, even though the user then provides the right password. It occurs only on the Windows 7 platform.

Symptom

When a Windows password change is unsuccessful due to an OS password policy reason and the user then provides the right password, starting the Notes Client still shows the message "Your Windows password does not match your Notes password. You may change your password at any time via File - Security - User Security. Would you like to change your Notes password immediately after loging in?".


Cause

This is identified in SPR # ACHG8XWFUT as a third-party software bug (Microsoft): in Windows 7, the Multiple Provider Router (MPR) still calls the NPPasswordChangeNotify function to signal a password change event even though the password change was unsuccessful.

Environment

Notes Client (Standard and Basic configuration)
OS: Windows 7 32/64-bit

Diagnosing the problem

1. Install and configure the Notes Client on Windows 7 32-bit and enable the Notes Single Logon feature. Then log in as the OS user changsc (a local administrator) and enable debugging by setting the following Windows system environment variables:

DEBUG_NSL=1
DEBUG_NPNOTES=1

Restart the workstation.

2. Confirm that debugging is active by checking that both npnotes.log and nsl.log have been created. Shut down the workstation.
3. Start the workstation and log in as the local administrator user changsc.
4. To cause the user's password to expire, change "Minimum password length" and "Maximum password age" from 0/0 to 8/1. (Run gpedit.msc and go to Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.)

Restart the workstation.

5. changsc logs in using "password". Windows pops up the notification "Your password has expired and must be changed". Click the OK button to enter a new password.

6. changsc attempts to change the password to "1234567", which is not accepted because of the OS password policy.

7. changsc uses the password "12345678" (which meets the OS password policy) to log in; Windows then shows "Your password has been changed".

8. Start the Notes Client. It shows the message:
"Your Windows password does not match your Notes password. You may change your password at any time via File - Security - User Security. Would you like to change your Notes password immediately after loging in?".
Click the Yes button.

Result: only the password "1234567" can be used to log in to the Notes Client; no other password works.

From npnotes.log, we see:

The password "1234567" --> 09/07/2012 10:57:38 (GMT) - npnotes[1600]: ChangeNotesPassword: Changed password on ID: admin.id

The password "12345678" --> 09/07/2012 11:00:18 - npnotes[1116]: ChangeNotesPassword: SECKFMChangePassword failed: 0x1908

The key problem is why NSL was able to change the Notes password to "1234567" successfully. It should not have been changed, because that password does not meet the OS password policy requirement. We expect the final password for both the OS and the Notes Client to be "12345678" in this case.
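
The following is an added example, not part of the original technote or of any IBM tool: a small Python check that scans npnotes.log for the sequence seen in this case, a successful Notes ID password change followed by a SECKFMChangePassword failure. The function name find_desync and the sample text are assumptions made for illustration; the line layout is inferred only from the two excerpts above.

```python
import re

# Layout taken from the two npnotes.log excerpts above; "(GMT)" appears on
# only one of them, so it is optional here.
LINE_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})(?: \(GMT\))? - "
    r"npnotes\[(?P<pid>\d+)\]: ChangeNotesPassword: (?P<msg>.+)$"
)
CHANGED_RE = re.compile(r"Changed password on ID: (?P<id_file>\S+)")
FAILED_RE = re.compile(r"SECKFMChangePassword failed: (?P<code>0x[0-9A-Fa-f]+)")

# Constructed sample: the two excerpts above with the annotations removed.
SAMPLE_LOG = """\
09/07/2012 10:57:38 (GMT) - npnotes[1600]: ChangeNotesPassword: Changed password on ID: admin.id
09/07/2012 11:00:18 - npnotes[1116]: ChangeNotesPassword: SECKFMChangePassword failed: 0x1908
"""


def find_desync(log_text):
    """Flag a Notes ID change that is followed by a failed change attempt.

    Events are compared in file order, so timestamps stay as strings and the
    date field order (not stated in the technote) never has to be guessed.
    """
    findings = []
    last_change = None  # most recent successful change not yet paired
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        changed = CHANGED_RE.search(m["msg"])
        failed = FAILED_RE.search(m["msg"])
        if changed:
            last_change = {"id_file": changed["id_file"], "changed_at": m["ts"]}
        elif failed and last_change:
            findings.append({**last_change, "failed_at": m["ts"],
                             "error": failed["code"]})
            last_change = None
    return findings


if __name__ == "__main__":
    for f in find_desync(SAMPLE_LOG):
        print(f"{f['id_file']}: changed {f['changed_at']}, then failed "
              f"{f['failed_at']} with {f['error']}; compare against the "
              "Windows password change that actually succeeded")
```

A match is a prompt to compare the timestamps with the Windows password change that actually succeeded, not proof of the bug on its own.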


Resolving the problem

We have confirmed that the problem is resolved by this MS hotfix: Fix354067. The MS technote and download information are at http://support.microsoft.com/kb/2468353

Related information

MS Fix354067


Document information

More support for: IBM Notes
Security

Software version: 8.5.3.2

Operating system(s): Windows

Software edition: All Editions

Reference #: 1612971

Modified date: 03 October 2012

