Error "ERROR: VAS_ERR_FAILURE: Could not determine correct salt to generate DES key ERROR: Could (4259668)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Error "ERROR: VAS_ERR_FAILURE: Could not determine correct salt to generate DES key ERROR: Could
Description

When rolling the password on a DES account you receive the below error:

[root@centos tmp]# /opt/quest/bin/vastool -u administrator passwd -re -k /etc/opt/quest/vas/nfs.keytab nfs/
administrator@YOURDOMAIN.COM setting password for centos-nfs@YOURDOMAIN.COM...
Password for administrator@YOURDOMAIN.COM:
Saving new key in keytab file: /etc/opt/quest/vas/nfs.keytab
ERROR: VAS_ERR_FAILURE: Could not determine correct salt to generate DES key
ERROR: Could not modify password
Â
Cause

This command causes two pre-auth failures to the DES account, this will increase the BadPwdCount on the account by 2. Depending on the AD Password Policy this can cause the account to be locked out if the command is ran mutliple times.
Resolution

WORKAROUND

From Active Directory Users and Computers locate the user account, unlock it and rerun the command.

STATUS

Waiting for fix in a future release of Quest Authentication Services. Any future fix will reduce the pre-auth attempts from 2 to 1.
Change Request

21139

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title