LDAP authentication issue with Kerio Connect

Posted by djk on Server Fault
Published on 2011-01-14T16:46:31Z Indexed on 2011/01/14 16:55 UTC

Hi,

We have Kerio Connect (mail server) running on a Windows Server 2003 server on a domain. In the webmail client, users are able to change their domain password. This functionality used to work fine until a user tried to change their password a few days ago, when every password they'd try would result in the webmail client claiming their password was "invalid". I spoke to Kerio about this and they claim that this error is returned by the domain controller, which supports my initial investigations.

The error that the DC is logging when an attempt is made to change the password is this:

"80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece"

The "data 52e" part indicates that this is an "invalid credentials" error. I don't see how this can be as I've tried (in the Kerio Connect configuration) various accounts that have privileges to modify accounts, including my own as I am a domain admin.

I have run 'dcdiag' (all tests) on the DC and it came back passing every single one of them. I've searched high and low for an answer to this and came up empty.

Does anyone have any idea why this may have suddenly started happening?

Thanks!

Edit: I should mention that the passwords we are changing to do comply with the complexity policy.
