Users unable to change expired eDirectory password

  • 7021318
  • 07-Sep-2017
  • 07-Sep-2017

Environment

Client for Open Enterprise Server 2 SP4 (IR6)

Situation

When user passwords expire, they cannot change the password. Various errors may be displayed, such as:
Error Login-lgnwnt73-710: the password cannot be changed. Error fffffd6d

Resolution

-659 FFFFFD6D TIME NOT SYNCHRONIZED is an error the eDirectory replica itself returns, as opposed to being some workstation-side condition that reports this status.

Time syncronization actually is off on at least one of the eDirectory replicas. Run "ndsrepair -T" on the server console to review the time sync status (repairing time sync problems depends on the version of OS, etc.)

If, after examining the time sync reports from the server side, you still can't identify where the issue exists, a LAN trace is needed to confirm which replica was responding with status 0xFFFFFD6D and then investigating that specific server.

Additional Information

If a LAN trace needed, follow these steps to capture a LAN trace on a machine where the problem can be duplicated:

1. Login "Computer Only" such that no eDirectory authentication is performed.
2. Download and install Wireshark (free), available from http://www.wireshark.org/download.html. (Or, some other protocol analyzer).
3. Launch Wireshark.
4. Begin Capturing in Wireshark. Click Capture -> Interfaces -> Start capturing on the appropriate interface.
5. Duplicate the problem by logging into eDirectory using the Micro Focus Client system tray icon.
6. Stop capturing in Wireshark. Click Ctrl + E.
7. Save the Wireshark trace. Click Ctrl + S. Save as type Wireshark/tcpdump (*.pcap, *.cap).