Prevent Portal password from expiring

Similar Messages

• Office 365 AAD Password Writeback not working; Event Viewer Error: 0x80230619 (A restriction prevents the password from being changed to the current one specified.)

  Hello all,
  I'm currently setting up a Proof Of Concept setup with directory synchronisation and password syncing to Office 365, leveraging AAD Premium for the password reset and password writeback to on premises
  AD functionality. Directory Sync + Password Sync is working flawlessly with the AADSync tool. However, upon requesting a password reset for a user, I'm hitting a password writeback error. The webpage states that the password does not meet the password
  complexity policy, while it does. I can set that particular password for that account at the on premises AD without any problem.
  In the event viewer at the AADSync server, I'm seeing this Error pop up whenever I try to reset the password:
  An unexpected error has occurred during a password set operation.  "BAIL: MMS(4032): ..\server.cpp(11003): 0x80230619 (A restriction prevents the password from being changed
  to the current one specified.) Azure AD Sync 1.0.0475.1202"
  My Setup:
  Windows Server 2012 AD with a single forest
  Seperate domain joined Windows Server 2012 for AADSync tool
  AADSync version 1.0.0475.1202 with options password sync, password writeback enabled
  Service account for AADSync tool with Replicating Directory Changes and Replicating Directory Changes All permissions
  on root AD forest structure with inheritance to all objects. This account also has the permissions to Change Password and Reset Password on all descendant
  User Objects.
  AAD Premium for my office 365 tenant
  AAD Premium licenses for the test users and the office 365 account used to sync to Office 365. This account is also Global Admin.
  Could anyone help me with this? Is there something I’m missing here? My guess is that the AAD is not trusted or the service account for AADSync tool does not have the proper permissions. I’ve tried
  many options, like setting the AADSync Service account to Enterprise Admin or granting the service account Full Control over that particular user.

  Concerning my issue:
  The Default Group Policy setting: Minimum Password Age is set at 1 day. As I was testing this feature with new users, their provisioned passwords were less than 24 hours old and the Minimum Password Age of 1 prevented the change of the password.
  After changing this to 0 days in the Default Group Policy, my password resets started working for newly created users. While this might not have affected existing users in production, it had me looking and searching for permission issues on my AD.
  So for those that might be experiencing ADSync Event ID 6329 and PasswordResetService Event ID 33008 Errors when trying to do a Password Reset using AAD Premium with Password Writeback, it might be helpful to check the applied password policy.
  The issue is solved.

• Under Tools, Options, Security; how do I add a site to the "exception" box to prevent a password from being saved?

  I would like to add a site to the "exceptions" box under "tools", "options", "security". This is to prevent the computer from saving a password for that site.

  Some sites (like and others) like PayPal, Yahoo, Windows Live and bank sites use ''autocomplete="off"'' to prevent Firefox from saving the name and the password.
  If a site uses ''autocomplete="off"'' then look at this article for a bookmarklet to remove that autocomplete attribute.
  http://kb.mozillazine.org/User_name_and_password_not_remembered (bookmarklet)
  http://kb.mozillazine.org/Password_Manager
  See also http://en.wikipedia.org/wiki/Bookmarklet

• Prevent Portal Application from starting

  Hello.
  We are having problems starting up a portal. Everytime we try to start it we have a java deadlock, and we wonder whether it is possible to prevent an application from starting.
  Specifically the application we would like not to start is:
  sap.com/cafeuodimnuacceap
  Thanks in advance for your help.

  I found it:
  Using the "Initially_Not_Started_Apps" parameter in Config Tool.
  Thanks.

• Prevent portal page from open automatic

  Hi there,
  i got this issue:
  A portal page opening an external fullscreen window and defined as first entry point in second level navigation, should not be openend automatically when clicking on the corresponding top-level navigation entry.     
  It should only open when explicitly clicking on its navigation button on second-level navigation.
  Any idea ?

  The Portal expects content to be displayed when clicking on TLN. Either content assigned to the TLN or to any of the second level navigation items.
  But there is not always a reason why I should I have assigned any content  to a TLN item.
  Furthermore if I don't want any page from second level to be displayed automatically because the user has no preferences in advance. And he doesn't want any kind of starting page or so. In our case all those pages open in external windows. So if I would make one of them the starting page and the user doesn't need this one, he first must close the window and then select the desired one.
  This is much more uncomfortable I think.
  Cheers
  Walter

• How to hide a password from a prompted osascript dialogue from a Mac/UNIX Shell Script

  I'm in the final phase of designing a script to automate my Active Directory binding that will be used by multiple people. Because of this, I need to prompt for a user name and password. I've successfully created the prompt, but want to find some way to prevent the password from showing up in the dialog box asking for the password (this will be done remotely, I don't want the password visible).
  It can be turned into stars, dots, not show up at all, anything, I just need it NOT to show visually, but still be able to be passed down to the dsconfigad command.
  I've tested the script itself and it works and a hidden password is the last piece that I need to make it live.
  (Excuse any extra comments on here, I've pieced this together from a lot of different sources)
  Any help you could offer would be greatly appreciated!
  #! /bin/bash
  while :; do # Loop until valid input is entered or Cancel is pressed.
      user=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network user name:" default answer ""' -e 'text returned of result' 2>/dev/null)
      if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
      user=$(echo -n "$user" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
      if [[ -z "$user" ]]; then
          # The user left the project name blank.
          osascript -e 'Tell application "System Events" to display alert "You must enter a user name; please try again." as warning' >/dev/null
          # Continue loop to prompt again.
      else
          # Valid input: exit loop and continue.
          break
      fi
  done
  while :; do # Loop until valid input is entered or Cancel is pressed.
      netpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network password:" default answer ""' -e 'text returned of result' 2>/dev/null)
      if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
      netpass=$(echo -n "$netpass" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
      if [[ -z "$netpass" ]]; then
          # The user left the project name blank.
          osascript -e 'Tell application "System Events" to display alert "You must enter a password; please try again." as warning' >/dev/null
          # Continue loop to prompt again.
      else
          # Valid input: exit loop and continue.
          break
      fi
  done
  MACNAME=$(scutil --get ComputerName)
  sudo dsconfigad -add DOMAIN \
  -username $user \
  -password $netpass \
  -computer $MACNAME \
  -mobile disable \
  -mobileconfirm disable \
  -localhome enable \
  -useuncpath enable \
  -shell /bin/bash \
  -ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
  -force \
  -localpassword LOCALPASS \
  -groups "GROUPS"
  #sudo rm -- "$0"

  I think you want to change line 18 to read:
      netpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network password:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null) 
  and of course add the 'with hidden answer' bit to line 23 as well.

• Problems in Changing LDAP (AD) Initial Password from Portal

  Hello ,
  We are using EP 7.01 SP 05 with Microsoft AD as our user data store (flat structure).
  For newly created users on AD, we are wanting them to be able to change their initial passwords from portal (on their first logon).
  SSL is set up between EP and AD.
  The user we are using to access LDAP has write privileges.
  We are using a standard configuration file (writeable version) (dataSourceConfiguration_ads_writeable_db.xml)
  We are able to modify users from User Administration console (including password change) without any problem.
  However, there are two problems we are facing:
  1. If the flag "User must change password at first logon" is set on AD/LDAP, then on Portal the user is not getting prompted for changing password - and User authentication failed
  2. If the flag "User must change password at first logon" is NOT set on AD/LDAP, then - User is getting prompted to change the password" - however password change is not going through successfully - Error says - "Missing".
  From logs I can see the following error:
  #1.5#0050568767DE006B0000000700005D7C00048EC433D5B0FC#1282873241046#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=64495]#Guest#0#SAP J2EE Engine JTA Transaction : [044ffffffd35700451]#n/a##19ae55e0b17c11dfb0d00050568767de#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Java###Can not change password
  [EXCEPTION]
  {0}#1#javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, \#1:
  0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
  ]; remaining name 'cn=portal test'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2943)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1449)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
  Can any one pls suggest what is this error about and what I am missing.
  Thanks ,
  Shanti

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• How to Prevent SharePoint Farm Password from Changing

  I have been trying to stop the SP farm account, spfarm, from password changing.  SharePoint Central Administration is used and I go to Central Security -> Configure managed accounts.  I set spfarm not to change but it makes no difference. 
  It still changes.  When that happens it screws up the SharePoint VSS Writer service account and backups fail (the password synch script has to run to fix).  When the setting in SP CA is changed to allow password changes, the SharePoint VSS Writer
  service account still has a problem and backups fail.
  Additionally, I have run the two below scripts when necessary to try to correct the problem and it works until the password changes again.  It seems as though the password changes whenever the server restarts or at least once every week or so. 
  Can anyone help me with this?  I don't care if the password changes on a schedule as long as it doesn't cause the SharePoint VSS Writer service to fail during backup.
  Repair-SPManagedAccountDeployment (This checks synch of passwords)
  set-spmanagedAccount -UseExistingPassword
  This is on a Windows Small Business Server 2011, which runs SharePoint 2010.
  Tony

  Hi Tony,
  In SBS 2011, use 3 different accounts to run Windows SharePoint Foundation. The accounts are spfarm (SharePoint
  Farm Account), spsearch, and spwebapp. For security reasons the passwords on these accounts are periodically reset. The password for spfarm is reset every 7 days that the Windows SBS Manager service is running.
  à
  How to Prevent SharePoint Farm Password from Changing
  I will suggest that set the password expiry to be longer (such as: a month or 365 days or even more) and apply
  it. Maybe a workaround.
  By the way, the Windows SBS Manager service manages the spfarm account. This spfarm account will be found under
  MyBusiness-> Users-> SBS Users in ADUC. If you navigate to the spfarm account in ADUC and open the Properties of it, then select
  “Password never expires” under Account options in Account tab. Please check if this can help you to achieve target.
  Hope this helps.
  Best regards,
  Justin Gu

• Just replaced my iphone 4 with new 4.  restore from icloud is hung on an app I no longer use (password probably expired) how can i get the restore to move on to the next app

  just replaced my iphone 4 with new 4.  restore from icloud is hung on an app I no longer use (password probably expired) how can i get the restore to move on to the next app

  Read another post in the forum about this and it appears this app also installs a profile with a proxy service that you will have to try and delete as well. Check that out.

• How to change the Portal Password using a link from Web dynpro application

  Hello Everybody,
  I have a requirement to change the user password from a web dynpro application which is available on a mobile device. Firstly User will log into the portal through a mobile device and after getting authenticated user will be redirected to the mobile application. Within this mobile application there will be a link to change the login password(Portal login). Can somebody tell me how can i change the portal login password from a link available within the mobile application. Looking forward for a suitable reply.
  Thanks to all,
  Regards,
  Saby.

  Hi Maksim,
  Thanks for your reply..but i would also like to know can we directly use the Change Password Iview "persoUserPassword" from the portal. Can i directly Pass the URL of this iview from the portal to a "Change Password" link in the web dynpro application, so that when the user click this link he should be able to see this Iview on his/her mobile device and should be able to change the password from there. But i dont know whether this iview will appear properly on the mobile device or we have to have a custom web dynpro application for this purpose...Please reply with a suitable answer.
  Thanks in advance.
  Regards,
  Sarabjeet Singh.

• How to prevent a portal user from using the BEx Analyzer ?

  Hi,
  we have different type of users : most users may use the portal as well
  as the analyzer ;
  we have one special user with extended authorizations : this user
  should use the portal , where he has a limited set of queries to run
  with hardcoded filters ==> this user should not be able to use the
  analyzer however, since he then would be able to call all other queries
  by using the find function ;
  how can we make sure this user cannot use the analyzer , using SAP
  authorizations ?
  best regards,
  Erwin Van Giel.

  Hi,
  if I remove the complete S_RFC authorization for the user then the BEx Analyzer cannot connect anymore to the BW system, but neither can the user run reports from the portal : it needs the S_RFC with 'SYST'.
  If I only remove the RRMX from the S_TCODE and from the S_RFC, it does not prevent the user from starting the BEx Analyzer and connecting to the BW system. It only stops the user if he would start the RRMX transaction from within an SAPGUI session.
  Perhaps there should be a value in the S_RFC that allows connections from the portal but not from the BEx Analyzer .... ?
  so not solved yet ....
  best regards,
  Erwin.

• Resetting expired password from JDBC

  Hi All,
  I would like to know if it is possible to change an expired password from a java client that uses JDBC (classes12.zip) "thin client" to connect to oracle database (8.1.7.4).
  Can we capture the "password expired" exception from the client and change the expired password from within the java client.
  The current connect string is --->
  Connection conn;
  DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
  conn = DriverManager.getConnection("jdbc:oracle:thin:@host:port:sid",user,pass);
  Is it possible to do something like this ???
  try {
  conn = DriverManager.getConnection("jdbc:oracle:thin:@host:port:sid",user,pass);
  catch ( SQLException sqle ) {
  if ( sqle.getErrorCode() == 28001 ) // i.e. passwd expired
  //1. ask user to enter the new passwd &
  //2. change it in the database.
  Is there any other way of doing this ??
  Thanks in advance
  Arun

  I haven't tried this, but there some things to think about.
  1) Have you tried to capture the Exception? Is it a problem?
  2) Have you tried to alter a password through JDBC? Is it a problem? To execute other DDL you have to use executeUpdate() I would assum that if you can do this it will also require an executeUpdate().
  Now assuming #1 and #2 are OK
  3) How are you going to change a password when the you cannot connect because the password has expired? Are you going to hard code another non-expired userid/password in the code (bad idea). Are you going to ask the user to enter some type of administrative userid/password that will allow them to change their password?
  Just some thoughts, sorry I cannot help more...

• Set Portal Password as Productive Password from IDM

  Hi you all,
  I am trying to set the portal password as a productive password from IDM. When I change the passwordchangerequired to be false, I get the following error: putNextEntry failed storingSPML.SAPUSER.UN000198
  I have changed the repository constants (protocol and port) to be https and 50001. Is there any certificate that I need to import? Reading the configuration guide does not tell me much.
  Please let me know if I am missing something.
  Thanks in advance!
  Anu Biju

  Hello Anu,
  Quick check, is your target system you are trying to connect is enabled with SSL ?
  Also I want you to have a look at the below lines from configuration guide.
  To provision productive passwords to AS Java systems, set the SPML passwordchangerequired attribute in the relevant provisioning jobs to false. Do so in the AS Java Connector under Plugins8 --> Set AS JAVA User passwordCheck Backendtype-->DB-->SetPasswordJavaUser-->SetPasswordJavaUser0-->SetPasswordJavaUser-->ToSPML-USER.
  During the Create task the settings of the security policy of the AS Java are enforced. Therefore, the SPML settings for the password are overruled, and using the Create task you cannot make sure that productive passwords are provisioned.
  I hope you are not trying to set the productive password from the create user task.
  ~ Krishna.

• Prevent non-admins from using passwords...

  Title says it all haha, I have a iMac for the kids and I have an admin account with a password and I was wondering how can I (if I can) prevent them from making passwords for their non-admin accounts?
  Thank you,
  TM

  ..."prevent them from making passwords"...
  If this means that the accounts currently do not have passwords, that generally is considered unsafe, although with appropriate security measures in place to protect the local network, it might be alright (I don't consider myself knowledgeable enough to provide advice on what those measures might be). Nevertheless, an "admin" can simply set a blank password for any account using the "Accounts" pref pane, while logged in to any account except the one whose password is being changed.
  However, if the question is really about preventing the users from changing their own password, OS X does provide an option through "System Preferences" > "Accounts" > "Parental Controls" > "Finder.app & System" where an "admin" can set whether or not it is allowed. There is a loophole but it's fairly obscure, and it can probably be closed if the need arises.
  Keep in mind that an "admin" can change any user's password at will so even if the users decide to change it, an "admin" can always change it back. An "admin" always has access to almost any file on the computer, with the exception of those that are encrypted (eg. keychains, encrypted disk images, including "FileVault", etc.) so the kids can't really lock you out, if that is the concern.

• Unable to change password from application when Oracle password has expired

  I need to know how to change the users
  (Oracle 9.0.8) password via Visual Basic (v6.0
  SP3) and RDO. If the users password is expired,
  the proper error message is returned, but because
  the user isn't connected to the database, I
  cannot change the password with the "ALTER xxx
  IDENTIFIED BY xxx" sql. Anyone got any
  suggestions??

  you have to unlock it with some other user with the alter user privilege (e.g. sys or system), or (if you use OID) some user with DAS privileges.