Open Enterprise Server 11 (OES11)
Open Enterprise Server 11 SP1 (OES11SP1)
Domain Services for Windows
User can not login to domain
Password was changed or set with Novell Client, now user can not log into the domain
Password was set on an eDirectory server and not a DSfW server, now user can not login to the domain
ERROR: -1659 Failed get password for user is returned in a NMAS trace
All Universal Password Policies used with DSfW need to have the option "Synchronize Distribution Password" set if the password is set is a non DSfW server is setting the password.
In iManager click on the Passwords role
Click on Password Policies
Click on the password policy for the domain
Click on the Universal Password tab
Click on the Configuration Options sub tab
Check the "Synchronize Distribution Password when setting Universal Password" box
Taking a NMAS trace while the user logs in to the domain the following error is returned:
1237497600 NMAS: [2013/01/06 16:32:26.216] ERROR: -1659 Failed get password for
1237497600 NMAS: [2013/01/06 16:32:26.216] ERROR: Failed to modify entry
<missing entry 0x49c2aa20>: -1659 (0xfffffffffffff985)
The Password was set on a Non DSfW server. The Distribution Password was not set in the Password Policy. If the password is set on a eDirectory server with out syncing the Distribution Password then the supplementalCredentials for the Domain user will not be updated.
See TID 7009602
on how to take a NMAS trace
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.