Changes the password, but gives lots of errors

[igenkin]

PassCore Server

• OS: Windows

• Provider: Active Directory

• Version: 4.2.3

• Settings file:

{
"Logging": {
"IncludeScopes": false,
"LogLevel": {
"Default": "Debug",
"System": "Information",
"Microsoft": "Information"
}
},
"WebSettings": {
"EnableHttpsRedirect": true
},
"AppSettings": {
// The following options for AD Provider (remove if you don't use this Provider)
"UseAutomaticContext": true, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
"RestrictedADGroups": [
"Administrators",
"Domain Admins",
"Enterprise Admins"
], // Set the AD groups to restrict the use of PassCore
"AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
"IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
"UpdateLastPassword": false, // Set true to allow PassCore to update the last password timestamp
// The following options are for LDAP Provider (remove if you don't use this Provider)
"LdapSearchBase": "OU=ABC,OU=XYZ,DC=BLAHBLAH,DC=local",
"LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
"LdapStartTls": false, // Default for AD is true when using LDAP 389
"LdapChangePasswordWithDelAdd": true,
"LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
// General options (valid for both providers)
"LdapHostnames": [ "domaincontroller.blahblah.local" ], // Set your hostname(s)
"LdapPort": 636, // Default for AD is 389, for LDAPS 636
"LdapUsername": "service_account_for_ldap", // Set the username or distinguish name (DN) to bind the LDAP server
"LdapPassword": "password", // Set the password for the username
"DefaultDomain": "blahblah.local" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
},
}

• Log file:

System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 2134.192ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 2134.5465ms 400 application/json; charset=utf-8
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 2145.6306ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 2145.7274ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
Access is denied. (0x80070005 (E_ACCESSDENIED))
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 1587.3233ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1587.4036ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 1408.6236ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1408.7017ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultE

Describe the bug
The passcore does change the password. It confirms that and I can use new password after that. So this is working, but at the same time it throws lots of error messages. The first error is 'Access is denied. (0x80070005 (E_ACCESSDENIED))', then it disappears and then gives an error about complex password policies.

• If I change 'UseAutomaticContext' to 'false' then it doesn't change password at all.
• Username and password for LDAP user are correct - that's been confirmed.
• LDAPS on the Active Directory server is working. Verified with LDP.EXE app and the LDAP service account used for passcore.
• LDAP account has Domain Admin rights ATM.
• Old and new passwords are certainly not used before and complex enough. I'm testing with passwords like 'F@st3r-ce7ngo-ro@tto'. See the password policies screenshots at the bottom.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'password.blahblah.com' site to change password
2. Enter username@blahblah.com, old password, new password, new password.
3. Click 'Change Password' and wait
4. See error

Expected behavior
No errors.

Screenshots

Desktop:

• OS: Windows Server 2019
• Browser Chrome
• Version 93.0.4577.82

Additional context

1. Couldn't make v4.2.4 working at all so had to downgrade to v4.2.3. At least with this version it does change passwords.
2. Couldn't make it working with using installation PowerShell script so had to use instructions to install it manually.
3. Had to add Application Pool twice. First time as in the instructions and then within the website . Without that it gives "Server is not ready" error. See screenshots below.

Current AD domain password policy:

[JerCHA81]

Hello,
i got same problems when changing a password. There is a lot of error message and finally a message that say the password has been change and password has really been change.
Is there any back about this problem ?

[eduder]

Having the same problem on 4.2.4, running on a Ubuntu 20.04 server talking to 2016 Server AD. Locks the user account out and spams 400 errors in the browser log. Looks like there were previous bugs filed for this but it's been closed.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[simonai1254]

Keepalive

[LaxVolt]

@igenkin - not sure if this will help you but we resolved this on 4.2.0 by changing the flag "LdapChangePasswordWithDelAdd" to false.