PWReset problem


Daniele Carlini

Aug 22, 2025, 7:10:00 AM
to RCDevs Security
Hi RCDevs Group!
I have a problem with the Secure Password Reset and User Self-Service Desk when resetting a user password.
The connections to the 2 AD servers are in SSL:

<LdapServer name="LDAP Server"
            host="dc1.domain.local"
            port="636"
            encryption="SSL"
            ca_file="" />

<LdapServer name="LDAP Server 2"
            host="dc2.domain.local"
            port="636"
            encryption="SSL"
            ca_file="" />

The proxy user has all privileges on AD to change attributes on users, because when I change the password on the WebADM admin page it works!!!

Screenshot 2025-08-22 alle 12.58.26.png

But in Secure Password Reset or User Self-Service Desk I have this error:

Screenshot 2025-08-22 alle 13.02.40.png


and in webadm.log I have this:


[PwReset:6T8OFGF8] OpenOTP authentication success

[PwReset:6T8OFGF8] Resolved LDAP user: CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local (cached)

[PwReset:6T8OFGF8] LDAP password Ok

[PwReset:6T8OFGF8] Login session started for CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local

[PwReset:6T8OFGF8] Could not modify LDAP object 'CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local' (0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0)

[PwReset:6T8OFGF8] Could not set LDAP password for 'CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local' (Server is unwilling to perform)

[PwReset:6T8OFGF8] Recorded alert in SQL database


I don't know what to watch anymore :(

Does anyone have any suggestions?

Thanks

Daniele


Spyridon Gouliarmis (RCDevs)

Aug 22, 2025, 7:14:47 AM
to RCDevs Security
Hello Daniele,

your new password very probably does not pass the complexity and history requirements of Windows. The fact that you can set it as an administrator, using our software or on Windows directly, is because administrators bypass those requirements. When you act in the web GUI, it is not as the proxy user, it is as the account you logged in with.
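
Added example, not part of the original thread and not RCDevs code: a short Python triage that pulls the Active Directory extended error out of webadm.log lines like the ones quoted above and maps its leading hex field to the Win32 error name (0000052D is 1325, ERROR_PASSWORD_RESTRICTION). The regexes assume the log format shown in this thread, and the second session in the sample is constructed.

```python
import re

# Leading hex field of an AD extended LDAP error is a Win32 error code.
WIN32_HINTS = {
    0x005: ("ERROR_ACCESS_DENIED", "bind account lacks rights on the object"),
    0x056: ("ERROR_INVALID_PASSWORD", "supplied current password is wrong"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "new password fails length, complexity or history policy"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "target account is locked out"),
}

# Assumed line shape, taken from the log excerpt in this thread.
LINE_RE = re.compile(r"^\[(?P<app>\w+):(?P<sid>\w+)\]\s+(?P<msg>.*)$")
AD_ERR_RE = re.compile(
    r"'(?P<dn>[^']+)' \((?P<code>[0-9A-Fa-f]{8}): \w+: DSID-[0-9A-Fa-f]+, "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\)")

def triage(log_text):
    """Return one finding per log line that carries an AD extended error."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        err = AD_ERR_RE.search(line["msg"])
        if not err:
            continue  # e.g. the generic "Server is unwilling to perform" line
        code = int(err["code"], 16)
        name, hint = WIN32_HINTS.get(code, ("UNKNOWN", "look up the Win32 code"))
        findings.append({"session": line["sid"], "dn": err["dn"],
                         "ldap_problem": err["name"], "win32_code": code,
                         "win32_name": name, "hint": hint})
    return findings

# First session: lines from the thread. Second session: constructed, no error.
SAMPLE = """\
[PwReset:6T8OFGF8] LDAP password Ok
[PwReset:6T8OFGF8] Could not modify LDAP object 'CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local' (0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0)
[PwReset:6T8OFGF8] Could not set LDAP password for 'CN=MFA User 1,OU=Utenti,OU=Domain,DC=Domain,DC=local' (Server is unwilling to perform)
[PwReset:AAAA0000] LDAP password Ok
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['session']} {f['dn']}: {f['ldap_problem']} -> "
              f"{f['win32_code']} {f['win32_name']} ({f['hint']})")
```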

Daniele Carlini

Aug 22, 2025, 9:22:03 AM
to RCDevs Security

Aah ok, I didn't know this.

I changed the restrictions in the GPO and now it works!

But I tried this:

I added the proxy user as a super_admins in webadm.conf and restarted the services.

The proxy user as a Domain User

Screenshot 2025-08-22 alle 14.53.14.png


and I log in to WebADM and I am able to reset the password for the users.

Is this possible because I have set all the ACLs described in https://docs.rcdevs.com/ad-acls-proxy_user ?


Spyridon Gouliarmis (RCDevs)

Aug 22, 2025, 9:27:04 AM
to RCDevs Security
Probably, yes, because of your version of one of these two lines:
dsacls "CN=Users,DC=rcdevsdocs,DC=com" /I:S /G 'RCDEVSDOCS\proxy_user:WPRP;userPassword'
dsacls "CN=Users,DC=rcdevsdocs,DC=com" /I:S /G 'RCDEVSDOCS\proxy_user:WPRP;unicodepwd'

Yoann Traut (RCDevs)

Aug 27, 2025, 5:13:59 AM
to RCDevs Security
Are you respecting the AD password policy?
This error makes me think that you are not respecting it and AD is refusing the new password. Try with a very strong password to see if it works.

Regards

Daniele Carlini

Aug 29, 2025, 10:01:37 AM
to RCDevs Security

Initially, no, because I thought the password reset was forced and didn't comply with AD policies.
Anyway, everything works fine.

Thanks
Daniele