VMware Cloud Community
jonathanvh
Enthusiast

AD password change via Orchestrator

Hi,

I'm trying to change the password for an AD user account with the default workflow included in Orchestrator: 'Change a user password'

But every time I receive the error: Cannot update unicodePwd:  (Dynamic Script Module name : setUserPassword#52994)

The Orchestrator version is: 5.5.2.1951762 (5.5.2.1946710)

The AD plugin is: Active Directory 1.0.5.1866388

Can anybody help me with this?

Kind regards,

Jonathan

jlperez01 (accepted solution)
Enthusiast

Hi Jonathan,

Before running the "Change a user password" workflow, ensure you first run the "Configure Active Directory server" workflow, and within it you must select the "Use SSL" option (and verify that the Port changes to 636 instead of the default port 389).

The "Change a user password" workflow will only work if the LDAP connection to your Active Directory server is encrypted with SSL.

(see attached screenshot with an example)

Hope that solves your issue!

jonathanvh
Enthusiast

I'll give this a try.

SSL isn't enabled.

But when I try it via the workflow I get this error:

Error connecting to address pocdc01.pocvirtual.local:636 : Remote host closed connection during handshake

And when I'm changing it via the web GUI I get this error:

Error: Unable to connect to LDAP Server; simple bind failed: pocdc01.pocvirtual.local:636

jlperez01
Enthusiast

You may want to verify that your AD Domain Controller is enabled to accept LDAP over SSL (aka LDAPS)

To check it, you could use the Windows LDP tool: On your domain controller, click Start and type "ldp" in the search box to launch it.

Click Connection > Connect...

In the Connect window, type the FQDN of your server, select port 636, and select the SSL checkbox. Then click OK.

If LDAP over SSL is enabled, you should see around the 5th or 6th line in the connection output a message that reads:

"Host supports SSL, SSL cipher strength = xxx bits"

"Established connection to <your AD server>"

If the above fails it means LDAPS is not enabled on your AD DC. Do a Google search for "enabling LDAPS for domain controllers".

But if the above works, then maybe your Orchestrator server has problems accepting the DC's SSL certificate. Ensure that the option "Ask for confirmation when importing SSL certificate" is set to "No".
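The ldp.exe check that jlperez01 describes can also be scripted from the Orchestrator side, which is where Jonathan's "Remote host closed connection during handshake" was raised. The block below is an added example, not code from this thread or from the Orchestrator AD plugin. It assumes Python 3 on a host that can reach the DC, uses the thread's pocdc01.pocvirtual.local only as a placeholder default, and treats its optional CA-file validation as a stand-in for Orchestrator's own trust-store check. It opens a TLS session to port 636 the way ldp.exe's "Host supports SSL" test does, classifies the two failures seen above (connection refused when nothing listens on 636, connection closed during the handshake when the DC listens but has no usable server certificate), reports the certificate fingerprint so it can be compared with the one Orchestrator imported, and shows the quoted UTF-16LE encoding AD requires for unicodePwd, the attribute the workflow fails on when the connection is not encrypted.

```python
"""Probe a domain controller for LDAPS (TCP 636) and build an AD unicodePwd value.
Added example for this thread; not the Orchestrator AD plugin's code."""
import hashlib
import socket
import ssl
import sys
from dataclasses import dataclass
from typing import Optional


@dataclass
class LdapsProbe:
    host: str
    port: int
    supports_ssl: bool
    detail: str  # cipher and cert fingerprint on success, diagnosis on failure


def encode_unicode_pwd(password: str) -> bytes:
    """AD accepts a unicodePwd modify only when the value is the new password
    wrapped in double quotes and encoded as UTF-16LE, and only over an encrypted
    connection (LDAPS or SASL sign+seal); over a plain bind on 389 the DC refuses it,
    which is what Orchestrator surfaces as 'Cannot update unicodePwd'."""
    return ('"' + password + '"').encode("utf-16-le")


def diagnose(exc: BaseException) -> str:
    """Map a failed probe to the condition ldp.exe would show for the same DC."""
    if isinstance(exc, ConnectionRefusedError):
        return "connection refused: nothing is listening, LDAPS is not enabled on this DC"
    if isinstance(exc, (ssl.SSLEOFError, ssl.SSLZeroReturnError,
                        ConnectionResetError, BrokenPipeError)):
        # The DC listens on 636 but has no server-authentication certificate to offer,
        # so it drops the session instead of completing the handshake.
        return ("remote host closed connection during handshake: port is open but "
                "the DC has no usable server certificate")
    if isinstance(exc, ssl.SSLCertVerificationError):
        return ("handshake completed but the DC certificate was rejected: "
                + getattr(exc, "verify_message", str(exc)))
    if isinstance(exc, (TimeoutError, socket.timeout)):
        return "timed out: host unreachable or port 636 filtered"
    return f"{type(exc).__name__}: {exc}"


def probe_ldaps(host: str, port: int = 636, timeout: float = 5.0,
                cafile: Optional[str] = None) -> LdapsProbe:
    """Open a TLS session to host:port. Without cafile this mirrors ldp.exe's
    'Host supports SSL' check (no certificate validation). With cafile the DC
    certificate is also validated against that CA, the step Orchestrator performs
    once the certificate has been imported into its trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cipher, _proto, bits = tls.cipher()
                der = tls.getpeercert(binary_form=True) or b""
                fingerprint = hashlib.sha256(der).hexdigest()
                return LdapsProbe(
                    host, port, True,
                    f"Host supports SSL, SSL cipher strength = {bits} bits "
                    f"({tls.version()} {cipher}); cert SHA-256 {fingerprint}")
    except Exception as exc:  # classify every failure rather than crash the probe
        return LdapsProbe(host, port, False, diagnose(exc))


if __name__ == "__main__":
    # Placeholder taken from the thread; pass your own DC FQDN as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "pocdc01.pocvirtual.local"
    result = probe_ldaps(target)
    print(("OK   " if result.supports_ssl else "FAIL ") + result.detail)
    sys.exit(0 if result.supports_ssl else 1)
```

Run it from the Orchestrator appliance (or any host on the same network path) rather than from the DC itself: a handshake that succeeds locally on the DC but fails from the appliance points at an intermediate firewall or at a certificate the appliance does not trust, which is the case jlperez01's last paragraph covers.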