12/26/2012 7:21:24 AM
 netadmin Posts: 6
I'm trying to set up the remote password change and I've yet to get it to work. Let me explain my current setup.
I've duplicated an existing local Windows template to test out the auto change feature and assigned one secret, which is a local Windows account on a system. Its settings are as follows:
Enable remote password changing: enabled
Enable Heartbeat: enabled
Heartbeat Check interval: 7 days
Password type: Windows Account
Machine: windows system name
Password: Password
Username: Username
I enabled remote password changing and set password expiration on the template to every 30 days.
When we set up SecretServer a couple years back, we originally edited our default password policy so it is a length of between 8 and 20 characters and is composed of at least 1 lower, 1 upper, 1 numeric and 1 symbol. We only use this modified default password policy in all templates.
When enabling auto change on the secret, I've left the password field blank; as indicated by the user guide, it should auto-generate a password.
Auto change is configured on the secret with the default settings: enabled using reset password settings of "credentials on secret"
The Auto change schedule is set up for none, for testing.
If I expire the password and then click on the remote password changing tab for the secret, click the "change password remotely" button, click generate and finally click the "change" button, when I look at the remote password change log, I always get an error on the secret that reads "Change password failed: Unknown. (NERR_PasswordPolicySettings) "
If I check the password policy default, it looks fine. If I look at the generated password, it looks fine.
Neither my remote password changing nor auto changing works.
I've looked at the forums and the user guide and so far I've not been able to self-diagnose this issue.
Would anyone have any hints as to what the problem might be, or further logs I can look at to provide better detail into this?
Thank you
Ted
-- Baldwin & Lyons, Inc. Network Services
12/26/2012 9:42:00 AM
 Joshua C Administrator Posts: 75
Good Morning,
The error message that you are seeing is what is being given back to us from Windows after attempting a change. There are two ways to diagnose this issue. First, try logging in as that account and have it change its own password to the one that it failed to generate in Secret Server. The second one is to assign a privileged account to that Secret and then change the password. If you still cannot resolve the issue after trying those, please open a ticket and I will be glad to do a remote session to take a closer look.
Kind Regards, Joshua Conroy
-- Thycotic Support Engineer
12/26/2012 9:55:29 AM
 netadmin Posts: 6
Thank you, the suggestion to change to the privileged account worked.
Since the system is joined to Active Directory, I used an AD service account with admin rights on that system and it worked well. Is there a way to assign the privileged account to the templates? I'm not seeing a way to do that.
Thank you
Ted
-- Baldwin & Lyons, Inc. Network Services
12/26/2012 10:06:15 AM
 Joshua C Administrator Posts: 75
Good Morning,
Privileged accounts are assigned on the Secret level, not the template level. If you want to assign a privileged account to multiple Secrets, we do have a bulk operation to do so at the bottom of the Secret panel on the home page.
Kind Regards, Joshua Conroy
-- Thycotic Support Engineer
12/26/2012 10:14:54 AM
 netadmin Posts: 6
Many thanks!
-- Baldwin & Lyons, Inc. Network Services