Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

vastool password command error: "KPASSWD_HARDERROR: Hard error" (4295936)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

vastool password command error: "KPASSWD_HARDERROR: Hard error"
Description

$ vastool passwd
Changing password for biguser@idmdomain.com...
Password for biguser@idmdomain.com:
New password for biguser@idmdomain.com:
Verify password - New password for biguser@idmdomain.com:
ERROR: VAS_ERR_FAILURE: Unable to modify password for biguser@idmdomain.com.
Caused by:
KPASSWD_HARDERROR: Hard error
ERROR: Could not modify password
Cause

Microsoft group limitation when an account belongs to more than 1015 groups.
E.g.:

bash-3.00# vastool -u biguser auth dumppac | grep Group | wc -l
Password for biguser@idmdomain.com:
1020
Resolution

WORKAROUND:

Change the registry key as shown in article http://support.microsoft.com/kb/263693.

RESOLUTION:

Reduce the number of groups that user is a member of.
Additional Information

Here are a few Microsoft KB articles for your reference:

Users who are members of more than 1,015 groups may fail logon authentication
http://support.microsoft.com/kb/328889
Error message: During a logon attempt, the user's security context accumulated too many security IDs
http://support.microsoft.com/kb/275266
New resolution for problems with Kerberos authentication when users belong to many groups:
http://support.microsoft.com/kb/327825

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: Safeguard Authentication Services
4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0.3, 4.0.2, 4.0.1, 4.0, 3.5.2

Topic(s):: Troubleshooting

Article History:: Created on: 1/6/2012
Last Update on: 5/7/2023

Search All Articles

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center