When rolling the password on a DES account you receive the below error:
[root@centos tmp]# /opt/quest/bin/vastool -u administrator passwd -re -k /etc/opt/quest/vas/nfs.keytab nfs/
administrator@YOURDOMAIN.COM setting password for centos-nfs@YOURDOMAIN.COM...
Password for administrator@YOURDOMAIN.COM:
Saving new key in keytab file: /etc/opt/quest/vas/nfs.keytab
ERROR: VAS_ERR_FAILURE: Could not determine correct salt to generate DES key
ERROR: Could not modify password
Â
This command causes two pre-auth failures to the DES account, this will increase the BadPwdCount on the account by 2. Depending on the AD Password Policy this can cause the account to be locked out if the command is ran mutliple times.
WORKAROUND
From Active Directory Users and Computers locate the user account, unlock it and rerun the command.
STATUS
Waiting for fix in a future release of Quest Authentication Services. Any future fix will reduce the pre-auth attempts from 2 to 1.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center