Quite often a user's password is changed directly in Active Directory or on a machine which did not have the SafeGuard client installed on. As the SafeGuard client was not there to capture the password change, and update the user's certificate, SafeGuard is unaware the user has changed their password. As a result, SafeGuard prompts the user for an 'old password' when they try to log in to their Windows profile.
What to do
If the user knows their old password, simply entering it into the prompt will update their certificate and push the new certificate back to the server.
If they do not know the old password, the easiest way to resolve this issue is to delete the users certificate in the SafeGuard Management Center. The user can then log into Windows, on a machine with the SafeGuard client, an receives a new certificate form the SafeGuard Server.
The steps below will guide you through this process:
- If the user is unable to log in at the POA, due to the forgotten password, perform a Challenge/Response to get them past the POA to the Windows login prompt.
- Reset the user's password in AD with a temporary password.
- Have the user log into Windows with the temporary password and click Cancel on the Old Password prompt from SafeGuard.
- In the SafeGuard Management Center > Users and Computers, locate the user, open their Certificate tab, and left-click to highlight their certificate (screenshot one).
- Delete the user's old certificate by selecting, in the toolbar, Actions > Remove (screenshot two).
- Have the user synchronize the client with the server by right-clicking the SafeGuard systray icon and selecting Synchronize
- Once the sync is complete, have them log out of Windows and back in again (still with the temporary password). They should not be prompted for their old password.
- Have the user change their password using Ctrl+Alt+Del.
The correct way of changing user's SafeGuard certificate password is via :
Ctr+Alt+Del > Change A Password... in Windows on their SafeGuard protected machine (using the SafeGuard Credential Provider).