joshsfinn
asked on
Enforcing Windows password policy on SQL accounts
I have created several SQL accounts on a SQL 2005 server, enforcing password policy, but not enforcing password expiration or "user must change password at next login."
I did not encounter any errors when setting up these accounts. However, the accounts lock when trying to use these accounts to make connections against the databases.
When I unlock the SQL account and hit ok, I get the following error:
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough. (Microsoft SQL Server, Error: 15118)
In Active Directory Group Policy our password policy is set as follows:
Enforce password history: 10 passwords remembered
Maximum password age: 90 days
Minimum password age: 7 days
Minimum password length: 8 characters
Password must meet complexity requirements: Enabled
Store password using reversible encrption for all users on the domain: Disabled
The same settings are in place on the SQL server's local security settings.
For one SQL account I created, the password was 9 characters long, and contained symbols, numbers, and lower-case letters. The other account was 10 characters long, and contained upper-case letters, lower-case letters, and numbers.
Both passwords meet the password policy defined, and meet Microsoft's password complexity rules.
Can someone explain what I might be doing wrong, or what I'm missing?
Thanks
I did not encounter any errors when setting up these accounts. However, the accounts lock when trying to use these accounts to make connections against the databases.
When I unlock the SQL account and hit ok, I get the following error:
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough. (Microsoft SQL Server, Error: 15118)
In Active Directory Group Policy our password policy is set as follows:
Enforce password history: 10 passwords remembered
Maximum password age: 90 days
Minimum password age: 7 days
Minimum password length: 8 characters
Password must meet complexity requirements: Enabled
Store password using reversible encrption for all users on the domain: Disabled
The same settings are in place on the SQL server's local security settings.
For one SQL account I created, the password was 9 characters long, and contained symbols, numbers, and lower-case letters. The other account was 10 characters long, and contained upper-case letters, lower-case letters, and numbers.
Both passwords meet the password policy defined, and meet Microsoft's password complexity rules.
Can someone explain what I might be doing wrong, or what I'm missing?
Thanks
ASKER
Microsoft's password complexity requires only 3 of the 4 conditions be met. (http://support.microsoft.com/kb/821425) My own AD account, which is subject to the same password policy, has never contained a symbol, and has never had an issue.
This makes me think the issue is with the SQL applicaiton, not the password.
This makes me think the issue is with the SQL applicaiton, not the password.
Humour me - try it.
ASKER
Same error. I set the password of one of the accounts, meeting all 4 requirements , but when I went back in to check, the account it was locked.
The password is 10 characters, includes a symbol, 6 lower-case letters, 2 numbers, and one upper-case letter.
The password is 10 characters, includes a symbol, 6 lower-case letters, 2 numbers, and one upper-case letter.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Vee_Mod
Community Support Moderator
Yes, I too was trying to create a SQL account (SQL Server 2012) and got this error, and did the complex password thing, but still got the error. I unchecked enforce password policy and I was able to create the user.
8 or more characters long
Contains an UPPER CASE letter
Contains a LOWER case letter
Comtains a NUMBER 0-9
Contains a symbol eg @, #, % or !