Symantec IGA

  • Private Community
 View Only

  • 1.  Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Dec 16, 2016 09:49 AM

    Product - CA IDM 12.6 SP 8

     

    Hi,

    When a user is trying to change password in IDM, it shows this error:

     

    Cause: Active Dir. Account 'some' on 'AD' modification failed: Connector Server Modify failed: code 53 (UNWILLING_TO_PERFORM): failed to modify entry: eTADSAccountName=some ,eTADSOrgUnitName=some,eTADSOrgUnitName=some,eTADSDirectoryName=AD,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@CM-WRG-: NOT IMPLEMENTED: JCS@CM-WRG-: JNDI: [LDAP: error code 53 - Unable to set Password Attribute: eTPassword Reason: Unwilling To Perform]: failed to modify eTADSAccountName=* Action: Reset password on user "*"



  • 2.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)
    Best Answer

    Broadcom Employee
    Posted Dec 18, 2016 09:02 PM

    See here:  Ldap Active directory change password Unwilling to perform Error 53  

     

    Basically the AD doesn't want to change the password as you are violating some rule it is configured to enforce: generally it is because the password doesn't match the password policy AD is enforcing.  



  • 3.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Dec 20, 2016 05:49 AM

    I'd also recommend you to check if your SSL settings between AD and Provisioning Server are correct. Your AD must have a SSL certificate in place in order to enable the LDAP-S protocol, and the certificate must be trusted by Provisioning Server. The ActiveDirectory API does not allow password changes via LDAP without SSL.

     

    Regards,

    Pioker



  • 4.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Dec 20, 2016 08:48 AM

    We are facing this issue only for some of the users. Other users are able to complete "change my password" successfully.



  • 5.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Broadcom Employee
    Posted Dec 19, 2016 03:04 PM

    Hi Yashpal,

     

    Did you see David's reply? Did you find more on the AD password policies, are they indeed what prevents this to work?

     

    Regards,

    Sagi



  • 6.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Jan 05, 2017 09:30 AM

    Hi Sagi, I have checked my AD password policy and found to be similar with IDM password policy. Some of the users are able to change password successfully but some are failing to do so. 



  • 7.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Jun 21, 2017 04:15 AM

    Hi Yashpal

     

     I am also facing the same issue , some of the users are able to change password successfully but some are failing .

     



  • 8.  Re: Password reset failed - code 53 (UNWILLING_TO_PERFORM)

    Posted Jun 21, 2017 09:47 AM

    Hi Mohan,

    Active Directory have native password policy rules which gets violate if you keep first name, last name or User ID as a part of password in IDM tasks. I suggest you to check if the user is violating AD's native password policy.