LDAP authentication issue with Kerio Connect

Posted by djk on Server Fault See other posts from Server Fault or by djk
Published on 2011-01-14T16:46:31Z Indexed on 2011/01/14 16:55 UTC
Read the original article Hit count: 393

Hi,

We have Kerio Connect (mail server) running on a Windows Server 2003 server on a domain. In the webmail client, users are able to change their domain password. This functionality used to work fine until a user tried to change their password a few days ago, when every password they'd try would result in the webmail client claiming their password was "invalid". I spoke to Kerio about this and they claim that this error is returned by the domain controller, which supports my initial investigations.

The error that the DC is logging when an attempt is made to change the password is this:

"80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece"

The "data 52e" part indicates that this is an "invalid credentials" error. I don't see how this can be as I've tried (in the Kerio Connect configuration) various accounts that have privileges to modify accounts, including my own as I am a domain admin.

I have ran 'dcdiag' (all tests) on the DC and it came back passing every single one of them. I've searched high and low for an answer to this and came up empty.

Does anyone have any idea why this may have suddenly started happening?

Thanks!

Edit: I should mention that the passwords we are changing to do comply with the complexity policy.

© Server Fault or respective owner

Related posts about windows-server-2003

Related posts about active-directory