Practical Technology

for practical people.

Avoiding Server 2008 Password Troubles


I was setting up Windows Server 2008 on a test system today to get a better grip on Microsoft’s just released Hyper-V virtualization when I ran into a completely unexpected problem: I couldn’t set up the system’s initial password

I expected to have some trouble integrating Server 2008 into my network. My LAN, while it used AD (Active Directory), relies on Samba and LDAP (Lightweight Directory Access Protocol) so I expected to have some trouble with, at a minimum, some authentication issues. And, indeed, I did run into that kind of problem, but first I had to get logged into my server. This is not a problem I ever expected to have with a modern operating system.

Much to my annoyance, I found that I couldn’t get the system to accept any password. At first, I thought that, since the system was already physically hooked into the network, that I might already be running into a network authentication problem. The error message:

“Unable to update the password.
The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

certainly wasn’t coming from my Kerberos server. I also couldn’t find any messages being passed from Kerberos to the Server 2008 machine that would have triggered an error message from that end.

So, what was going on here? My passwords tend to be arbitrary six to twelve alphanumeric strings. These are not user-friendly passwords. There is no way, I thought, that they couldn’t meet any standard for passwords. It turns out I was wrong.

Server 2008 has its own requirements for passwords and they went beyond mine. To be exact, passwords must have at least three of the four following characteristics. They must include 1) English uppercase characters; 2) English lowercase characters; 3) Base 10 digits . and 4) ASCII Non-alphabetic characters, such as “!, $, #, %.”

My mistake? I almost never use uppercase letters in my passwords so, ‘zym56bif08’ wasn’t complicated enough. “Zym56bif08” was just fine.

Now, that I know this, thanks to rooting around TechNet, it makes sense. Still, I do wish that Microsoft had linked in an explanation of what was what with it in the installation routine so I wouldn’t have to had waste so much time simply setting up my first password. Guys, you really didn’t need to make it this hard.


Leave a Reply