Password can be verified but not changed on a Windows computer with a 'Windows Remote' target application.

Document ID : KB000116607
Last Modified Date : 30/09/2018
Show Technical Document Details
Issue:
I need to verify and change the password of the local Administrator account on the windows servers.
After creating the proper 'Windows Remote' target application and target account, the password can be verified but not changed.
Looking at the catalina.out file the following error message appears:

SEVERE: UpdateTargetAccountCmd.invoke 15616: machine <ComputerName> rejected the password change: Error was : Password restriction. 
Environment:
Any Virtual or Hardware appliance running PAM server 3.x or above.
Cause:
There is a local policy on <ComputerName> with a password complexity harder that the provided password.
Resolution:
In order to solve this problem both criteria have to match, so you can either:
  • Make the PAM Password Composition Policy match the complexity defined on the Windows computer local password policy.
or
  • Make the complexity defined on the Windows computer local password policy match the PAM Password Composition Policy.
Additional Information:
See also: http://thinkinginsoftware.blogspot.com/2013/10/change-your-windows-domain-credentials.html