Anyone know how the hell Citrix Single Sign-On can be made to work for resetting domain passwords? I have it all installed and working, SSL certificates, Active Directory store, security questions registered correctly, the works. I am using XenApp 6 on 2008 R2 servers. However, when I try to reset a user's password, I get the error in the event logs - *User DOMAIN\username specified a new password that does not comply with the password policy. *The weird thing is, I can unlock accounts just fine.
Both my Active Directory password policy and the Single Sign-On Domain Policy can accept the password that I am trying to use, so I am at a loss to explain why the new password is rejected every time on grounds of complexity requirements. It even happens when I try to reset a Domain Admin account, so I doubt that user rights are the problem. The rejection event comes from the Single Sign-On Service, so I am assuming the problem is in the configuration of the Single Sign-On somewhere - but I have no idea where. I've Googled about and found a few people with similar issues, but no resolutions. It would be the final finishing touch to put to my new XenApp farm, having the ability to remove password resets from the helpdesk, so I am understandably frustrated about the problems I am having here. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
