Error -1697 while setting a Universal Password

  • 3629717
  • 19-Feb-2008
  • 26-Apr-2012

Environment


Novell NetWare 6.5
Novell Modular Authentication Service (NMAS)

Situation

Error -1697 while setting a Universal password
Error saving the Universal password for user to the directory
Error -16049 when trying to check the Universal Password Status on a user
-16049 - NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND
-1697 - FFFFF95F NMAS_E_INVALID_SPM_REQUEST
-1643 - FFFFF995 NMAS E INVALID PARAMETER
Search: 1697 -1697 1643 -1643 16049 -16049

Resolution

1. Verify there is Universal Pasword Policy assigned to the user, users container, or the partition where the user resides.
2. Verify that the server keys are correct and all the same on all servers. Use KB 3455150 - Using SDIDiag to gather specific SDKey information from servers to verify the that all servers have the same tree keys.
If you need to generate new keys for your tree, see TID 3840110 - Using SDIDiag - Switches and Options, and look particularly at the SD command with the -G option to revoke and issue a new key. The RD command can then be used to sync keys out

Additional Information

In this case the servers had all the same keys, but they were all revoked. No keys were valid. So there were no keys to create the universal password with. Revoked keys are only used to unencyrpt information and not encrypt new information. So all servers must have a valid key and any revoked keys that any other server in the tree might have.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.