This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Password Capture Agent 7.0 , windows 2012 domain , "the passed password is not a string"

Hi there, 

I have Password Capture Agent 7.0 installed on a 2012 2-controller windows domain. So far it's working flawlessly on one of the DC. The other, however, shows the following message when any logged user changes the password:

"PasswordChangeNotify()-Thread (1140): The Job for this Password-change Username="xxxx" UserRid="NNNNN" was ignored because the passed password is not a string."

Any ideas?

  • Can you please specify the complete version number of the Password Capture Agent used? You can check the comments of the MSI package used to install the agent or the product version of the file "C:\Program Files\Dell\One Identity Manager\Password Capture Agent\Service\D1IMPWCaptureAgent.dll".
  • And in addition, is the username listed in the error a managed service or a machine account?
  • Hi,
    Sure. Version, for the .dll file.
  • The user listed in the error is an Active Directory account whose password has changed and that change being forwarded to Identity1.
  • Anything special to that changed user password? Was it a password change or a reset? Who has changed the password or how has the password been reset?
  • Password changed by the administrator. I think it's not related to either the user or how the password was changed , but rather to the domain controller. If either change is made on the other controller , then it works fine.
  • We are unable to reproduce the issue, that's why i am asking for details. To be able to narrow this thing down. Can you specify what settings you have for the registry keys underneath HKLM\SOFTWARE\Dell\One Identity Manager\Password Capture Agent\Driver\Ignoring. Are they the same on both servers?
  • Markus, feel free to ask whatever details you need.

    Now it is working on the server. I needed to reboot it and now it is working. But the former, flawless controller , has stopped working , showing the same error.

    To add more info: We have three password hooks installed on these servers: One to sync passwords to ldap 389ds , other to sync passwords to Google Apps and the third one to sync passwords to Identity1. Could the order these services are started have anything to do with the issue?
  • It can't be ruled out that the order or the password filters has something to do with that. If some of the filters manipulates the incoming data in a weird way, that may happen. I do not have this combination in our environments. Maybe the order in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages is important. I would compare a working with a non-working one.
  • I have that feeling too. I'm moving on that direction. I also thought fsmo roles could affect but that has been discarded after my last test. I'll keep this thread updated.
    Danke schön , Markus! :)