C# AD user ChangePassword error 0x80070056 the specified network password is not correct

Jonathan Dechaseaux 21 Reputation points
2022-04-05T11:21:48.597+00:00

I'm asking for help about a C# asp net program that change password of ad users.

It works well most of the time, but sometimes i have this case :

Exception de HRESULT : 0x80070056 The specified network password is not correct System.DirectoryServices.AccountManagement.ADStoreCtx.ChangePassword(AuthenticablePrincipal p, String oldPassword, String newPassword)

This is my code :

PrincipalContext ad = new PrincipalContext(ContextType.Domain, "adomaincontroller", "specificOU", "domainadmin", "password");

if (ad.ValidateCredentials(model.UserName, model.OldPassword))
                    {
                        ModifyPassword("adomaincontroller", model.UserName, model.OldPassword, model.Password);
                        return RedirectToAction("ChangePassword", "ChangePassword");
                    }

public void ModifyPassword(string domain, string userName, string oldPassword, string newPassword)
    {
        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, domain))
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
            {
                user.ChangePassword(oldPassword, newPassword);
            }
        }
        catch (Exception ex)
        {
                some stuf to log error here

        }
    }

I can assure you the old password specified is correct. I check it with ValidateCredentials.

So in some case this error hapenned, but ... the user's password is changed anyway, so it works but the error apperead ... I don't undestand.

I saw some threads about this error, speaking about windows KB, but its aparently not my case.

Thanks for help

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,098 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,526 questions
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,476 Reputation points
    2022-04-11T19:25:08.637+00:00

    Hi @Jonathan Dechaseaux

    I can see you've mentioned that your case is not related to KB.

    It's an Exception Error message for that you'll need to implement exception handling code part too which I an see is not available in code you've provided.

    Actually after updates, you have kerberos.dll in it by which the necessary exception is obviously introduced in KB3126041 but if you implement the exception without removing KB3126041 then too your query will be resolved.

    Yes. It's occurs due to KB3126041.

    After you Uninstall or remove it, the problem will be solved but the error message will be there.

    But for best results implement Exception Handling for which you can refer to https://learn.microsoft.com/en-us/dotnet/standard/exceptions/best-practices-for-exceptions

    -----------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Jonathan Dechaseaux 21 Reputation points
    2022-04-12T06:12:57.19+00:00

    Thanks for your help @Limitless Technology , now i understand better the situation and why it happens.

    I did updates in my code to handle exception, its probably not clean, but better i guess :

    	if (ModelState.IsValid)  
            {  
                if (SearchADUser(model.UserName))  
                {  
                      
                        if (ad.ValidateCredentials(model.UserName, model.OldPassword))  
                        {  
                            ModifyPassword("domaincontroller", model.UserName, model.OldPassword, model.Password);  
                            return RedirectToAction("ChangePassword", "ChangePassword");  
                        }  
                        else  
                        {  
                            string error = "Le nom d'utilisateur ou le mot de passe actuel est incorrect pour l'utilisateur : " + model.UserName;  
                            SendMailToLogErrors(model.UserName, error);  
                            TempData["BadPassword"] += "Le nom d'utilisateur ou le mot de passe actuel est incorrect" + "<br>";  
                            TempData["BadPassword"] += "<img src='/Images/kaamelott_bad_password.gif' class='img-fluid' alt='Success'>";  
                            return RedirectToAction("ChangePassword", "ChangePassword");  
                        }  
                }  
                else  
                {  
                    string error = "Impossible de trouver l'utilisateur : " + model.UserName;  
                    SendMailToLogErrors(model.UserName, error);  
                    TempData["UserDoesntExist"] = "L'utilisateur " + model.UserName + " n'existe pas." + "<br>";  
                    TempData["UserDoesntExist"] += "Merci de contacter le Service Informatique" + "<br>";  
                    TempData["UserDoesntExist"] += "<img src='/Images/voila-il-existe-pas.gif' class='img-fluid' alt='Success'>";  
                    return RedirectToAction("ChangePassword", "ChangePassword");  
                }  
    
            }  
    	  
    	public void ModifyPassword(string domain, string userName, string oldPassword, string newPassword)  
        {  
            try  
            {  
                using (var context = new PrincipalContext(ContextType.Domain, domain))  
                using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))  
                {  
                    user.ChangePassword(oldPassword, newPassword);  
                }  
                TempData["ChangePasswordSuccess"] += "Le mot de passe pour l'utilisateur " + userName + " a bien été modifié" + "<br>";  
                TempData["ChangePasswordSuccess"] += "<img src='/Images/felicitations.gif' class='img-fluid' alt='Success'><br>";  
                  
                SendMailToLog(userName);  
            }  
            catch (System.Reflection.TargetInvocationException ex)  
            {  
                    TempData["ChangePasswordFailed"] += "Vous n'êtes pas autorisé à modifier le mot de passe de cet utilisateur<br>";  
                    TempData["ChangePasswordFailed"] += "<img src='/Images/la-limite-du-systeme.gif' class='img-fluid' alt='limite'>";  
            }  
            catch (Exception ex)  
            {  
                if (ex.Message.Contains("Ce mot de passe ne correspond pas aux critères de stratégie de mot de passe"))  
                {  
                    TempData["ChangePasswordFailed"] += "Échec de changement du mot de passe<br>";  
                    TempData["ChangePasswordFailed"] += "Le mot de passe ne respecte pas les critères de sécurité <br> Vous ne devez pas réutiliser 1 de vos 3 derniers mots de passe, ni utiliser 3 lettres successives de votre prénom / nom" + "<br>";  
                    TempData["ChangePasswordFailed"] += "<img src='/Images/kaamelott-karadoc.gif' class='img-fluid' alt='complexe'>";  
                }  
                else if (ex.Message.Contains("Le mot de passe réseau spécifié est incorrect"))  
                {  
                    TempData["ChangePasswordSuccess"] += "Le mot de passe pour l'utilisateur " + userName + " a bien été modifié" + "<br>";  
                    TempData["ChangePasswordSuccess"] += "<img src='/Images/felicitations.gif' class='img-fluid' alt='Success'><br>";  
    
    				string error = "Erreur non blocante, le mot de passe a quand même été modifié !";  
                    SendMailToLogErrors(userName, error);  
                }  
                else  
                {  
                    TempData["ChangePasswordFailed"] += "Échec de changement du mot de passe<br>";  
                    TempData["ChangePasswordFailed"] += "Type d'erreur : " + ex.GetType() + "<br>";  
                    TempData["ChangePasswordFailed"] += "Détail : " + ex.Message + "<br>";  
                    TempData["ChangePasswordFailed"] += "Source : " + ex.StackTrace + "<br>";  
                }  
            }  
        }
    
    0 comments No comments