SecureLogin has detected that a password change has occurred

  • 7940426
  • 19-Aug-2009
  • 26-Jun-2012


Novell SecureLogin
NetIQ SecureLogin



SecureLogin in Active Directory mode sees the following message every time SecureLogin loads:

SecureLogin has detected that a password change has occurred. For security reasons, it is necessary to log out of windows and log back in.
The above message appears even when the password has not been changed.


Possible causes / solutions:
1.  This error has been seen when the workstation has lost its associtation with the domain.  Enter the passphrase when prompted.  If the following message appears then remove the workstation from the domain, reboot, and add it back in to the domain.
"The trust relationship between this workstation and the primary domain failed."
The workstation's domain association can be reset in properties of "my computer," by changing the "computer name" settings.  Set the domain to "workgroup," reboot, and then set it back to the correct domain name. 
2. When SecureLogin loads, slcredman.dll stores an encrypted copy of the user’s AD password. This passkey (AD password) is used if the AD password needs to be passed to applications, and to determine whether the user’s password has been reset by the administrator.

The error typically appears because of one of the following:

  • Slcredman is listed first in the network provider order (move it to last place to test)
  • SecureLogin is unable to read a valid passkey in the registry
  • The user has never started SecureLogin but is attempting to administer it (e.g. for another OU, User or Group Policy) using the MMC snap-in or SLManager
  • Workstation has not been restarted after installation
  • If slcredman is not installed/registered properly.
  • If slcredman is registered properly, then for some reason slcredman can't write the passkey into the registry (e.g. rights, try assigning local administrator rights to troubleshoot).
  • User's password has been reset from the server (e.g. by administrator) and the passkey in the registry is invalid.

If the workstation has been restarted, SecureLogin has been started, and you have verified the above possible causes and the message still appears, users must be granted permissions to write to the registry (not the entire registry, just the Protocom key).

Use regedit to check if the following registry keys and values are present:

1.) slcredman must be listed after LanmanWorkstation [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNetworkProviderOrder]""ProviderOrder""="" LanmanWorkstation,RDPNP,WebClient, SLCredman,"" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSLCredMan]""DisplayName""=""SecureLogin SSO""""Group""=""NetworkProvider"" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSLCredManNetworkProvider]""Class""=dword:00000002 ""Name""=""SecureLogin SSO Credential Manager""""ProviderPath""=""C:\Program Files\Protocom\SecureLogin\slcredman.dll"" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSLCredManEnum]""0""=""Root\LEGACY_SLCREDMAN\0000""""Count""=dword:00000001 ""NextInstance""=dword:00000001 2.) PassKey [HKEY_LOCAL_MACHINESOFTWAREProtocomSecureLoginVolatile]""passkey|delta""=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ""passkey""=hex:01,00,00,00,d0,8c, ........