Error: Could not change password. When attempting to sign into Service Desk using the explicit logon type

Version 2

    Verified Product Versions

    Service Desk 2016.xAsset Manager 2016.xAsset Manager 2017.xService Desk 2017.x

    Error message:

    When signing into a Service Desk application (Console, Web Access, Workspaces) that has been set up to use the explicit logon type.

    User will be unable to login via explicit login after you set the new Hash Algorithm, as now an SHA2 Hash is been expected but the old MD5 hash is still in place.

    You cannot extract the original Password out of Hashes, so you will need to set a new deafult password for your users (e.g. via New password Hashes in 2017.1)


    This is caused by the user's hash algorithm value not matching the database's hash algorithm value. This controls how the user's password is read from the database. This only affects the explicit logon type and will not have any effect on the options for Integrated, Shibboleth, Token, or Identity Server.


    Solution / Workaround:

    To correct this error any user's hash value that is not correct needs to match the database value. The attached script will read the database value and update any user's that are not set correctly.


    declare @algorithm int = (select md_password_hash_algorithm from md_catalog)

    update tps_password set tps_password_hash_algorithm = @algorithm

    where tps_password_hash_algorithm <> @algorithm