Environment
Novell Modular Authentication Service (NMAS)
Novell eDirectory 8.7.3.9 for NetWare 6.5
Situation
User's password is expired so they get a prompt to change their
password. When they try to change the password the following
error occurs:
LOGIN-LGNWNT32.DLL-NMAS: Invalid Parameter. Do you still want to change your password?
It then loops back and you get in an endless loop if you try and change your password.
symptom: If you disable NMAS on the client you can set your password.
SEARCH: lgnwnt32 lgnwnt32.dll nmas login logon parameter password (Revoked) setting
LOGIN-LGNWNT32.DLL-NMAS: Invalid Parameter. Do you still want to change your password?
It then loops back and you get in an endless loop if you try and change your password.
symptom: If you disable NMAS on the client you can set your password.
SEARCH: lgnwnt32 lgnwnt32.dll nmas login logon parameter password (Revoked) setting
Resolution
Verify that the server keys are correct and all the same on
all servers. Use
KB 3455150 - Using SDIDiag to gather specific SDKey information
from servers to verify the that all servers have the same
tree keys.
If you need to generate new keys for your tree, see TID 10096669 - Using SDIDiag - Switches and
Options, and look particularly at the SD command with the -G
option to revoke and issue a new key. The RD command
can then be used to sync keys out
Additional Information
In this case the servers had all the same keys, but they were all
revoked. No keys were valid. So there were no keys to
create the universal password with. Revoked keys are
only used to unencyrpt information and not encrypt new
information. So all servers must have a valid key and
any revoked keys that any other server in the tree might have.