
System detected a possible attempt to compromise security

7 replies to this topic

#1 RangerGress


Posted 26 August 2016 - 01:15 PM

New install. When attempting to change password, Windows client users are getting an error message from Netwrix password mgr: "Change password failed. The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

 

Altho it's a Netwrix dialog box presenting the error, the text is typical Windows, so I think the text of the error is coming from Windows.

 

Even tho the error message seems to indicate a failed password change attempt, the password does change on the network. It's the client-side password that doesn't change. That is to say the client can now access network resources using the new password, but if you disconnect the client from the network, you will need the old password to log on to the client. That indicates to me that the client's password cache didn't learn about the password change.

 

We are trying to roll this product out for remote users to deal with password changes. Therefore they will need to execute password changes from outside the network via the Password Change Manager server. Since the remote users don't normally log into the network, they being remote and all, the password cache on their notebooks needs to be synched with their network password. 

 

My gut feel is that the problem has to do with the remote notebook's password cache not being updated by the Password Manager server. So maybe there's a process not reaching out to the notebook, or the notebook isn't allowing the external process to do what it needs to do. 

 

Turning Kaspersky A/V off didn't change behavior. 

 

Don't see anything interesting in event logs on clients, Netwrix server, nor DCs. 

 

Clients are Win8.1 using https to connect to a Win2k8R2 Password Mgr server. DC's are Win2k8R2. 



#2 jhosford


Posted 29 August 2016 - 06:00 PM

We have suddenly started seeing this as well. Many different OS's. No firewalls, refreshed DC records. Timing was around windows update maint windows. Both the DC and the Netwrix server would have been updated the same day.

 

Been trying things all day with no luck. Using Netwrix 6.5.782.0

 

Jon



#3 RangerGress


Posted 29 August 2016 - 06:09 PM

Netwrix Tech Spt is supposed to help us with this on Wed morning. If anything interesting happens, I'll post in this thread. One of the ideas I chased for a while was the possibility of a client-side conflict with a MS security patch, KB 2919355. It's Windows 8.1 "Update 1". We didn't get very far pursuing that theory because we found that the only client in the Enterprise that would allow us to uninstall the patch was my own primary workstation. Besides, the evidence in support of that theory wasn't all that strong anyhow. 



#4 jhosford


Posted 30 August 2016 - 07:47 PM

I opened a ticket this afternoon on it and had a response that worked right away! In my particular case (long running system), it was a MS security update not allowing fallback to NTLM from Kerberos for PW changes. Uninstalling it fixed the problem.

 

He gave me KB3177108 and KB3167679 to uninstall (until a fix is found). I only had KB3167679, but uninstalling it fixed the error.

 

Jon



#5 amoreno


Posted 14 September 2016 - 05:24 PM

Just thought I'd chime in on this as it's happening again, but this time in the July 2016 Update Rollup (that apparently we recently approved in WSUS). 

 

https://support.micr...n-us/kb/3172605

 

Same "error" message as last time - "The system detected a possible attempt to compromise security..." even though the password reset does appear to go through.

 

Uninstalled rollup 3172605 and all is well again. 

 

Thoughts?



#6 amoreno


Posted 15 September 2016 - 06:30 PM

The new 3175024 Security Update for the Windows Kernel also broke things.

 

https://support.micr...n-us/kb/3175024

 

Uninstalled and working. 

 

At this rate, if Netwrix doesn't provide a solution, we'll have to look into another Self Service Solution. 



#7 xavierl


Posted 14 October 2016 - 08:06 PM

Hey Guys,

Anyone ever find a solution for this? I removed 2 of the MS Patches (KB3172605 & KB3175024) listed in the thread and I'm still getting the error. I'm using Password Manager v. 6.6.845.0. It pretty much makes this app useless as we are a Mac house and need a solid way to reset/unlock passwords...



#8 garciagu


Posted 16 October 2016 - 06:49 PM

Hi,

The following patches cause the change password to break: KB 3167679, 3172605, 3179573, 3175024. The KBs indicate Microsoft was going to fix this in the October release but I installed KB3185330 and it also breaks it. Don't think it is safe to remove all these security patches, especially the monthly rollups of Aug, Sep, and Oct.

 

Any ideas?  My software triggers the exception when I do the ADobject.Invoke("Password Change", oldpassword, newpassword)
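
A diagnostic sketch for the failure discussed in this thread, added here as an example and not code from any poster or from Netwrix: it lists which of the updates named above are installed, tests whether a domain controller's Kerberos password-change port (TCP 464) is reachable, and recognises the error by code rather than by message text. The DC name is a placeholder, and Win32 error 1265 (ERROR_DOWNGRADE_DETECTED) is the code that carries the quoted message; the link between the two checks rests on post #4's description of NTLM fallback being disallowed.

```powershell
# Added example; not code from the thread's posters or from Netwrix.
param([string]$DomainController = 'dc01.example.test')  # placeholder DC name

# KB numbers exactly as reported by posters in this thread.
$ReportedKBs = 'KB3167679','KB3177108','KB3172605','KB3175024','KB3179573','KB3185330'

# Win32 error 1265 (ERROR_DOWNGRADE_DETECTED) as a signed HRESULT, 0x800704F1.
$DowngradeDetected = -2147023631

function Get-ReportedUpdate {
    # Get-HotFix can omit some updates, so an empty result is not proof of absence.
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $ReportedKBs -contains $_.HotFixID } |
        Select-Object HotFixID, Description, InstalledOn
}

function Test-KpasswdPort([string]$Server, [int]$TimeoutMs = 3000) {
    # Kerberos password changes (kpasswd) go to port 464 on a domain controller.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, 464, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch { return $false } finally { $client.Close() }
}

function Test-IsDowngradeDetected([System.Exception]$Exception) {
    # ADSI/COM failures usually arrive wrapped, so walk the inner-exception chain.
    for ($e = $Exception; $e; $e = $e.InnerException) {
        if ($e.HResult -eq $DowngradeDetected) { return $true }
    }
    return $false
}

$installed = @(Get-ReportedUpdate)
$kpasswdOk = Test-KpasswdPort -Server $DomainController
[pscustomobject]@{
    ReportedUpdatesInstalled = ($installed.HotFixID -join ', ')
    KpasswdPort464Reachable  = $kpasswdOk
    # Assumption drawn from post #4: with one of these updates present and no
    # working Kerberos path, NTLM fallback is refused and the change errors out.
    LikelyFallbackBlocked    = ($installed.Count -gt 0 -and -not $kpasswdOk)
}
```

Run it on the machine that performs the password change. In code that makes the change call, `Test-IsDowngradeDetected $_.Exception` inside a `catch` block separates this failure from an ordinary bad-password or policy rejection.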






