Users cannot login using their latest Internet password
As an administrator you find that your users are reporting that they cannot login using their latest Internet password
Users can not log in with their latest Internet password but can log in with their previous Internet password.
In this case it has been identified that users are changing their Internet passwords and then changing the password again straight away. This action is currently not supported and results in multiple Change HTTP password requests being generated within the admin4.nsf database and the requests not being processed in the order expected by the Administrator and Domino is actually working as designed.
An enhancement request to change the administration process to allow Change HTTP requests be executed based on the time they have been received into the admin4.nsf has been created under APAR LO73909 http://www-01.ibm.com/support/docview.wss?uid=swg1LO73909
Diagnosing the problem
The Domino Administration Process does not process adminp requests such as change HTTP passwords based on a time generated basis, rather it processes the last request received the next time the administration process begins to scan for new requests to process, so acts more like a stack.
This means that entering multiple Change HTTP password requests within a couple of seconds of each other can result in the requests being processed in an order not expected by the end user or administrator and one or more of the requests will fail with the following error reported in the admin4.nsf Wrong Password (Passwords are case sensitive - be sure to use the correct upper and lower case) and the user finds that they can not log in with what they believe is their correct Internet password but can log in with a previous password.
While this issue can be seen when the user changes their Internet password through a browser, it should be noted that if an organisation is using ID Vault and have the following policy settings enabled "Update Internet Password When Notes Client Password Changes" and "Enforce password change after password has been reset" that this issue can also occur as follows
A: The administrator changes the password for the user within the vault, which creates a Change User Password in Domino Directory and Change HTTP password administration request.
B: The user logs in to their Notes client straight away and changes their password as required, which generates its own Change User Password in Domino Directory and Change HTTP password administration requests.
C: The user changes their password again straight away, which generates another set of administration requests.
Resolving the problem
To prevent this issue from occurring the user must not change their Internet password and then change it again straight away.
A recommended minimum interval to wait is three minutes between changing their password and attempting to log in again, to allow the previous Change HTTP Password request to be executed.
However the length of time required between resetting the password and the user logging back in could be longer due to replication.
This is due to the fact that the request must be replicated from the user's mail server to their administration server for processing after which their person document is updated with their new password. These changes especially to the user's person document in the names.nsf must be replicated from the administration server to their mail server and any other server the user might access, and the index of the names.nsf needs to be updated.
Replication delays can be overcome by the administrator manually replicating these databases.
More support for:
Software version: 8.5.2, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 8.5.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 9.0
Operating system(s): Windows
Reference #: 1649118
Modified date: 30 July 2015
Translate this page: