MBSA: Error 1721, weak password

I keep getting Error 1721 for local accounts I have on 2008 server (64-bit).
I'm running the MBSA under a domain account that is an administrator of the
server.

The local account that keeps getting flagged by MBSA has a password of
Wh$v9Jx^=b

so I have no clue as to why it thinks that is a weak password. Any
suggestions?

 

Re: Error 1721, weak password

[[Forwarded to MBSA- and Windows Server-specific newsgroups via crosspost.]]

Shawn Martin wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I keep getting Error 1721 for local accounts I have on 2008 server
> (64-bit).
> I'm running the MBSA under a domain account that is an administrator of
> the
> server.
>
> The local account that keeps getting flagged by MBSA has a password of
> Wh$v9Jx^=b
>
> so I have no clue as to why it thinks that is a weak password. Any
> suggestions? <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

PA Bear [MS MVP] wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> [[Forwarded to MBSA- and Windows Server-specific newsgroups via
> crosspost.]]
> Shawn Martin wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
>> I keep getting Error 1721 for local accounts I have on 2008 server
>> (64-bit).
>> I'm running the MBSA under a domain account that is an administrator
>> of the
>> server.
>>
>> The local account that keeps getting flagged by MBSA has a password
>> of Wh$v9Jx^=b
>>
>> so I have no clue as to why it thinks that is a weak password. Any
>> suggestions?<!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

Too short?

Andrew

 

Re: Error 1721, weak password

The policy is set for an 8 character minimum.

"Andrew Morton" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> PA Bear [MS MVP] wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > [[Forwarded to MBSA- and Windows Server-specific newsgroups via
> > crosspost.]]
> > Shawn Martin wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> I keep getting Error 1721 for local accounts I have on 2008 server
> >> (64-bit).
> >> I'm running the MBSA under a domain account that is an administrator
> >> of the
> >> server.
> >>
> >> The local account that keeps getting flagged by MBSA has a password
> >> of Wh$v9Jx^=b
> >>
> >> so I have no clue as to why it thinks that is a weak password. Any
> >> suggestions?<!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
> Too short?
>
> Andrew
>
>
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

It says it is strong here:



"Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> The policy is set for an 8 character minimum.
>
> "Andrew Morton" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> PA Bear [MS MVP] wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > [[Forwarded to MBSA- and Windows Server-specific newsgroups via
>> > crosspost.]]
>> > Shawn Martin wrote:
>> >> I keep getting Error 1721 for local accounts I have on 2008 server
>> >> (64-bit).
>> >> I'm running the MBSA under a domain account that is an
>> >> administrator
>> >> of the
>> >> server.
>> >>
>> >> The local account that keeps getting flagged by MBSA has a
>> >> password
>> >> of Wh$v9Jx^=b
>> >>
>> >> so I have no clue as to why it thinks that is a weak password. Any
>> >> suggestions?<!--colorc--><!--/colorc-->
>>
>> Too short?
>>
>> Andrew
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Thanks. I'm not too concerned with the password, as I know it is relatively
strong. What I'm trying to diagnose, is why MBSA is giving the error, and how
I can correct it?

"FromTheRafters" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> It says it is strong here:
>
>
>
> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
> news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> > The policy is set for an 8 character minimum.
> >
> > "Andrew Morton" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> PA Bear [MS MVP] wrote:
> >> > [[Forwarded to MBSA- and Windows Server-specific newsgroups via
> >> > crosspost.]]
> >> > Shawn Martin wrote:
> >> >> I keep getting Error 1721 for local accounts I have on 2008 server
> >> >> (64-bit).
> >> >> I'm running the MBSA under a domain account that is an
> >> >> administrator
> >> >> of the
> >> >> server.
> >> >>
> >> >> The local account that keeps getting flagged by MBSA has a
> >> >> password
> >> >> of Wh$v9Jx^=b
> >> >>
> >> >> so I have no clue as to why it thinks that is a weak password. Any
> >> >> suggestions?
> >>
> >> Too short?
> >>
> >> Andrew
> >>
> >>
> >> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

All of your "special characters" are from the same row. Only one number
appears. It is still too short.

Maybe a simple change like adding an additional number or special
character will suffice?

"Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
news:1A4DD217-6FB6-4622-978C-58216D1B894D@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Thanks. I'm not too concerned with the password, as I know it is
> relatively
> strong. What I'm trying to diagnose, is why MBSA is giving the error,
> and how
> I can correct it?
>
> "FromTheRafters" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> It says it is strong here:
>>
>>
>>
>> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
>> message
>> news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > The policy is set for an 8 character minimum.
>> >
>> > "Andrew Morton" wrote:
>> >
>> >> PA Bear [MS MVP] wrote:
>> >> > [[Forwarded to MBSA- and Windows Server-specific newsgroups via
>> >> > crosspost.]]
>> >> > Shawn Martin wrote:
>> >> >> I keep getting Error 1721 for local accounts I have on 2008
>> >> >> server
>> >> >> (64-bit).
>> >> >> I'm running the MBSA under a domain account that is an
>> >> >> administrator
>> >> >> of the
>> >> >> server.
>> >> >>
>> >> >> The local account that keeps getting flagged by MBSA has a
>> >> >> password
>> >> >> of Wh$v9Jx^=b
>> >> >>
>> >> >> so I have no clue as to why it thinks that is a weak password.
>> >> >> Any
>> >> >> suggestions?
>> >>
>> >> Too short?
>> >>
>> >> Andrew
>> >>
>> >>
>> >><!--colorc--><!--/colorc-->
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Changed the password to: Wh$v9Jx^=b1? and MBSA is still reporting Error 1721,
Weak Password for that account.

"FromTheRafters" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> All of your "special characters" are from the same row. Only one number
> appears. It is still too short.
>
> Maybe a simple change like adding an additional number or special
> character will suffice?
>
> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
> news:1A4DD217-6FB6-4622-978C-58216D1B894D@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> > Thanks. I'm not too concerned with the password, as I know it is
> > relatively
> > strong. What I'm trying to diagnose, is why MBSA is giving the error,
> > and how
> > I can correct it?
> >
> > "FromTheRafters" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> It says it is strong here:
> >>
> >>
> >>
> >> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
> >> message
> >> news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...
> >> > The policy is set for an 8 character minimum.
> >> >
> >> > "Andrew Morton" wrote:
> >> >
> >> >> PA Bear [MS MVP] wrote:
> >> >> > [[Forwarded to MBSA- and Windows Server-specific newsgroups via
> >> >> > crosspost.]]
> >> >> > Shawn Martin wrote:
> >> >> >> I keep getting Error 1721 for local accounts I have on 2008
> >> >> >> server
> >> >> >> (64-bit).
> >> >> >> I'm running the MBSA under a domain account that is an
> >> >> >> administrator
> >> >> >> of the
> >> >> >> server.
> >> >> >>
> >> >> >> The local account that keeps getting flagged by MBSA has a
> >> >> >> password
> >> >> >> of Wh$v9Jx^=b
> >> >> >>
> >> >> >> so I have no clue as to why it thinks that is a weak password.
> >> >> >> Any
> >> >> >> suggestions?
> >> >>
> >> >> Too short?
> >> >>
> >> >> Andrew
> >> >>
> >> >>
> >> >>
> >>
> >>
> >> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Maybe MBSA is corrupted. try a fresh copy.

"Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
news:541627D3-B37E-4298-9FD9-2353B42E8656@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Changed the password to: Wh$v9Jx^=b1? and MBSA is still reporting
> Error 1721,
> Weak Password for that account.
>
> "FromTheRafters" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> All of your "special characters" are from the same row. Only one
>> number
>> appears. It is still too short.
>>
>> Maybe a simple change like adding an additional number or special
>> character will suffice?
>>
>> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
>> message
>> news:1A4DD217-6FB6-4622-978C-58216D1B894D@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > Thanks. I'm not too concerned with the password, as I know it is
>> > relatively
>> > strong. What I'm trying to diagnose, is why MBSA is giving the
>> > error,
>> > and how
>> > I can correct it?
>> >
>> > "FromTheRafters" wrote:
>> >
>> >> It says it is strong here:
>> >>
>> >>
>> >>
>> >> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
>> >> message
>> >> news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...
>> >> > The policy is set for an 8 character minimum.
>> >> >
>> >> > "Andrew Morton" wrote:
>> >> >
>> >> >> PA Bear [MS MVP] wrote:
>> >> >> > [[Forwarded to MBSA- and Windows Server-specific newsgroups
>> >> >> > via
>> >> >> > crosspost.]]
>> >> >> > Shawn Martin wrote:
>> >> >> >> I keep getting Error 1721 for local accounts I have on 2008
>> >> >> >> server
>> >> >> >> (64-bit).
>> >> >> >> I'm running the MBSA under a domain account that is an
>> >> >> >> administrator
>> >> >> >> of the
>> >> >> >> server.
>> >> >> >>
>> >> >> >> The local account that keeps getting flagged by MBSA has a
>> >> >> >> password
>> >> >> >> of Wh$v9Jx^=b
>> >> >> >>
>> >> >> >> so I have no clue as to why it thinks that is a weak
>> >> >> >> password.
>> >> >> >> Any
>> >> >> >> suggestions?
>> >> >>
>> >> >> Too short?
>> >> >>
>> >> >> Andrew
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >><!--colorc--><!--/colorc-->
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Happening on multiple servers.

"FromTheRafters" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Maybe MBSA is corrupted. try a fresh copy.
>
> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
> news:541627D3-B37E-4298-9FD9-2353B42E8656@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> > Changed the password to: Wh$v9Jx^=b1? and MBSA is still reporting
> > Error 1721,
> > Weak Password for that account.
> >
> > "FromTheRafters" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> All of your "special characters" are from the same row. Only one
> >> number
> >> appears. It is still too short.
> >>
> >> Maybe a simple change like adding an additional number or special
> >> character will suffice?
> >>
> >> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
> >> message
> >> news:1A4DD217-6FB6-4622-978C-58216D1B894D@microsoft.com...
> >> > Thanks. I'm not too concerned with the password, as I know it is
> >> > relatively
> >> > strong. What I'm trying to diagnose, is why MBSA is giving the
> >> > error,
> >> > and how
> >> > I can correct it?
> >> >
> >> > "FromTheRafters" wrote:
> >> >
> >> >> It says it is strong here:
> >> >>
> >> >>
> >> >>
> >> >> "Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in
> >> >> message
> >> >> news:32E850DF-F6A2-4A9C-AB79-A131A823F997@microsoft.com...
> >> >> > The policy is set for an 8 character minimum.
> >> >> >
> >> >> > "Andrew Morton" wrote:
> >> >> >
> >> >> >> PA Bear [MS MVP] wrote:
> >> >> >> > [[Forwarded to MBSA- and Windows Server-specific newsgroups
> >> >> >> > via
> >> >> >> > crosspost.]]
> >> >> >> > Shawn Martin wrote:
> >> >> >> >> I keep getting Error 1721 for local accounts I have on 2008
> >> >> >> >> server
> >> >> >> >> (64-bit).
> >> >> >> >> I'm running the MBSA under a domain account that is an
> >> >> >> >> administrator
> >> >> >> >> of the
> >> >> >> >> server.
> >> >> >> >>
> >> >> >> >> The local account that keeps getting flagged by MBSA has a
> >> >> >> >> password
> >> >> >> >> of Wh$v9Jx^=b
> >> >> >> >>
> >> >> >> >> so I have no clue as to why it thinks that is a weak
> >> >> >> >> password.
> >> >> >> >> Any
> >> >> >> >> suggestions?
> >> >> >>
> >> >> >> Too short?
> >> >> >>
> >> >> >> Andrew
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Shawn Martin wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Happening on multiple servers. <!--colorc--><!--/colorc-->

If MBSA, and/or its dependencies, had been loaded into all local
servers from the same local and corrupted source, that could be the
answer.

Warm regards and good luck,

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]

 

Re: Error 1721, weak password

MBSA was downloaded and installed directly from the Microsoft Download Center
onto each server, on separate days. The download was a direct download that
didn't go through a proxy server and anti-virus was disabled on the servers
when installing.

Any other suggestions?

"1PW" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Shawn Martin wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > Happening on multiple servers. <!--colorc--><!--/colorc-->
>
> If MBSA, and/or its dependencies, had been loaded into all local
> servers from the same local and corrupted source, that could be the
> answer.
>
> Warm regards and good luck,
>
> Pete
> --
> 1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password


"Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
news:69F55844-E506-49D4-9B13-19813E7DB59C@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> MBSA was downloaded and installed directly from the Microsoft Download
> Center
> onto each server, on separate days. The download was a direct download
> that
> didn't go through a proxy server and anti-virus was disabled on the
> servers
> when installing.
>
> Any other suggestions?<!--colorc--><!--/colorc-->

Sorry, fresh out.

There may be some additional clues here, but I can't say for sure.

 

Re: Error 1721, weak password

Shawn Martin wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> MBSA was downloaded and installed directly from the Microsoft Download Center
> onto each server, on separate days. The download was a direct download that
> didn't go through a proxy server and anti-virus was disabled on the servers
> when installing.
>
> Any other suggestions?<!--colorc--><!--/colorc-->

Hello Shawn:

Do you ever remember this MBSA 2.1 version working OK in your shop?

If so, I'm wondering if a subsequent MS update has broken something?

Do you regularly run MBSA on a scheduled basis, or is it run on
special occasions?

Although "FTR" suggests a linkage to password strength, I'm guessing a
zero-length password is being mistakenly passed to MBSA for
evaluation, if indeed MBSA itself does the evaluation. But hey - I'm
just pulling this out of the air.

Warm regards Shawn,

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]

 

Re: Error 1721, weak password

MBSA was installed on a few different 2008 servers. Some had been up and
running for a few months, others were just installed this week.

On every server, I didn't have a previous version of MBSA installed.

The network team here wanted server administrators to run MBSA on
applications to ensure things like passwords are strong. The tools runs fine
on the 2003 servers, but throws the weak password error on the 2008 boxes.

The issue is definitely odd, so I'll set up another 2008 server from scratch
and see if it still happens.

"1PW" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Shawn Martin wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > MBSA was downloaded and installed directly from the Microsoft Download Center
> > onto each server, on separate days. The download was a direct download that
> > didn't go through a proxy server and anti-virus was disabled on the servers
> > when installing.
> >
> > Any other suggestions?<!--colorc--><!--/colorc-->
>
> Hello Shawn:
>
> Do you ever remember this MBSA 2.1 version working OK in your shop?
>
> If so, I'm wondering if a subsequent MS update has broken something?
>
> Do you regularly run MBSA on a scheduled basis, or is it run on
> special occasions?
>
> Although "FTR" suggests a linkage to password strength, I'm guessing a
> zero-length password is being mistakenly passed to MBSA for
> evaluation, if indeed MBSA itself does the evaluation. But hey - I'm
> just pulling this out of the air.
>
> Warm regards Shawn,
>
> Pete
> --
> 1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
> <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

For anyone else that has this problem, it's a known issue with MBSA and
Server 2008.

**************************
I reviewed your files and have confirmed your issue to be the same as the
"known" issue. A Windows 2008 server fix will be announced when it is
released. No ETA is available.

While it is regrettable that in this instance we have been unable to provide
you with a requested solution at this time, we hope that your continued
partnership will allow us to work together through future challenges as they
may arise. As with each customer we work with, it is always our objective to
provide the very best supported software possible.

The case will be set to a decrement type of “non-decrement” and thus, will
NOT be charged against your Software Assurance agreement.

At this time, as there is no other escalation channel for this issue, I will
conclude this case today.

It was my pleasure working with you. Please let me know of any feedback
you would like to convey to us on your overall experience with Microsoft


ACTION:
=======
Customer is running MBSA.

RESULTS:
========
Customer is seeing "1721" errors on the MBSA scan results for weak passwords
when scanning on Win2008 machines.

CAUSE:
======
Design regression

RESOLUTION:
============
No workaround available at this time. Hotfix and/or SP to be released in
the future.
**************************



"Shawn Martin" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> MBSA was installed on a few different 2008 servers. Some had been up and
> running for a few months, others were just installed this week.
>
> On every server, I didn't have a previous version of MBSA installed.
>
> The network team here wanted server administrators to run MBSA on
> applications to ensure things like passwords are strong. The tools runs fine
> on the 2003 servers, but throws the weak password error on the 2008 boxes.
>
> The issue is definitely odd, so I'll set up another 2008 server from scratch
> and see if it still happens.
>
> "1PW" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
> > Shawn Martin wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> > > MBSA was downloaded and installed directly from the Microsoft Download Center
> > > onto each server, on separate days. The download was a direct download that
> > > didn't go through a proxy server and anti-virus was disabled on the servers
> > > when installing.
> > >
> > > Any other suggestions?<!--colorc--><!--/colorc-->
> >
> > Hello Shawn:
> >
> > Do you ever remember this MBSA 2.1 version working OK in your shop?
> >
> > If so, I'm wondering if a subsequent MS update has broken something?
> >
> > Do you regularly run MBSA on a scheduled basis, or is it run on
> > special occasions?
> >
> > Although "FTR" suggests a linkage to password strength, I'm guessing a
> > zero-length password is being mistakenly passed to MBSA for
> > evaluation, if indeed MBSA itself does the evaluation. But hey - I'm
> > just pulling this out of the air.
> >
> > Warm regards Shawn,
> >
> > Pete
> > --
> > 1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
> > <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

Shawn Martin wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> For anyone else that has this problem, it's a known issue with MBSA and
> Server 2008.
>
> **************************
> I reviewed your files and have confirmed your issue to be the same as the
> "known" issue. A Windows 2008 server fix will be announced when it is
> released. No ETA is available.
>
> While it is regrettable that in this instance we have been unable to provide
> you with a requested solution at this time, we hope that your continued
> partnership will allow us to work together through future challenges as they
> may arise. As with each customer we work with, it is always our objective to
> provide the very best supported software possible.
>
> The case will be set to a decrement type of “non-decrement” and thus, will
> NOT be charged against your Software Assurance agreement.
>
> At this time, as there is no other escalation channel for this issue, I will
> conclude this case today.
>
> It was my pleasure working with you. Please let me know of any feedback
> you would like to convey to us on your overall experience with Microsoft
>
>
> ACTION:
> =======
> Customer is running MBSA.
>
> RESULTS:
> ========
> Customer is seeing "1721" errors on the MBSA scan results for weak passwords
> when scanning on Win2008 machines.
>
> CAUSE:
> ======
> Design regression
>
> RESOLUTION:
> ============
> No workaround available at this time. Hotfix and/or SP to be released in
> the future.
> **************************
>
>
>
> "Shawn Martin" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
>> MBSA was installed on a few different 2008 servers. Some had been up and
>> running for a few months, others were just installed this week.
>>
>> On every server, I didn't have a previous version of MBSA installed.
>>
>> The network team here wanted server administrators to run MBSA on
>> applications to ensure things like passwords are strong. The tools runs fine
>> on the 2003 servers, but throws the weak password error on the 2008 boxes.
>>
>> The issue is definitely odd, so I'll set up another 2008 server from scratch
>> and see if it still happens.
>>
>> "1PW" wrote:
>><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> Shawn Martin wrote:
>>>> MBSA was downloaded and installed directly from the Microsoft Download Center
>>>> onto each server, on separate days. The download was a direct download that
>>>> didn't go through a proxy server and anti-virus was disabled on the servers
>>>> when installing.
>>>>
>>>> Any other suggestions?
>>> Hello Shawn:
>>>
>>> Do you ever remember this MBSA 2.1 version working OK in your shop?
>>>
>>> If so, I'm wondering if a subsequent MS update has broken something?
>>>
>>> Do you regularly run MBSA on a scheduled basis, or is it run on
>>> special occasions?
>>>
>>> Although "FTR" suggests a linkage to password strength, I'm guessing a
>>> zero-length password is being mistakenly passed to MBSA for
>>> evaluation, if indeed MBSA itself does the evaluation. But hey - I'm
>>> just pulling this out of the air.
>>>
>>> Warm regards Shawn,
>>>
>>> Pete
>>> --
>>> 1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
>>><!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

Well done Shawn.

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]

 

Re: Error 1721, weak password

Thank you for passing this information on to us.

"Shawn Martin" <ShawnMartin@discussions.microsoft.com> wrote in message
news:7F637276-4615-4F01-A61C-03DD9560F967@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> For anyone else that has this problem, it's a known issue with MBSA
> and
> Server 2008.
>
> **************************
> I reviewed your files and have confirmed your issue to be the same as
> the
> "known" issue. A Windows 2008 server fix will be announced when it
> is
> released. No ETA is available.
>
> While it is regrettable that in this instance we have been unable to
> provide
> you with a requested solution at this time, we hope that your
> continued
> partnership will allow us to work together through future challenges
> as they
> may arise. As with each customer we work with, it is always our
> objective to
> provide the very best supported software possible.
>
> The case will be set to a decrement type of "non-decrement" and thus,
> will
> NOT be charged against your Software Assurance agreement.
>
> At this time, as there is no other escalation channel for this issue,
> I will
> conclude this case today.
>
> It was my pleasure working with you. Please let me know of any
> feedback
> you would like to convey to us on your overall experience with
> Microsoft
>
>
> ACTION:
> =======
> Customer is running MBSA.
>
> RESULTS:
> ========
> Customer is seeing "1721" errors on the MBSA scan results for weak
> passwords
> when scanning on Win2008 machines.
>
> CAUSE:
> ======
> Design regression
>
> RESOLUTION:
> ============
> No workaround available at this time. Hotfix and/or SP to be released
> in
> the future.
> **************************
>
>
>
> "Shawn Martin" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> MBSA was installed on a few different 2008 servers. Some had been up
>> and
>> running for a few months, others were just installed this week.
>>
>> On every server, I didn't have a previous version of MBSA installed.
>>
>> The network team here wanted server administrators to run MBSA on
>> applications to ensure things like passwords are strong. The tools
>> runs fine
>> on the 2003 servers, but throws the weak password error on the 2008
>> boxes.
>>
>> The issue is definitely odd, so I'll set up another 2008 server from
>> scratch
>> and see if it still happens.
>>
>> "1PW" wrote:
>><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > Shawn Martin wrote:
>> > > MBSA was downloaded and installed directly from the Microsoft
>> > > Download Center
>> > > onto each server, on separate days. The download was a direct
>> > > download that
>> > > didn't go through a proxy server and anti-virus was disabled on
>> > > the servers
>> > > when installing.
>> > >
>> > > Any other suggestions?
>> >
>> > Hello Shawn:
>> >
>> > Do you ever remember this MBSA 2.1 version working OK in your shop?
>> >
>> > If so, I'm wondering if a subsequent MS update has broken
>> > something?
>> >
>> > Do you regularly run MBSA on a scheduled basis, or is it run on
>> > special occasions?
>> >
>> > Although "FTR" suggests a linkage to password strength, I'm
>> > guessing a
>> > zero-length password is being mistakenly passed to MBSA for
>> > evaluation, if indeed MBSA itself does the evaluation. But hey -
>> > I'm
>> > just pulling this out of the air.
>> >
>> > Warm regards Shawn,
>> >
>> > Pete
>> > --
>> > 1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
>> > <!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password


Then tell them that "pazword" is a much stronger password than
"768262ge%$^%$^%¬&^%&^*&^*ghjGUHTFhfHTRytRFyt^%$^!$"

Why? because the latter just has to be typed-in from a post-it attached to
the monitor.

Seriously, once passwords MUST contain gibberish, and must expire
frequently, the security of the system takes a nosedive for this reason.

The fundamental shortcoming in security design is that of allowing rapidfire
attempts at logon. With a delay of even a few seconds between attempts,
bruteforce methods become impractical. To improve your security, implement a
short lockout for repeated logon failures.

"Shawn Martin" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> The network team here wanted server administrators to run MBSA on
> applications to ensure things like passwords are strong. The tools runs fine
> on the 2003 servers, but throws the weak password error on the 2008 boxes. <!--colorc--><!--/colorc-->

 

Re: Error 1721, weak password

That is a good point, but for those without the physical access to the
computer (and the post-it note) trying to log on remotely with thousands
of guesses per second - the longer and more complex the better.

Timeouts are indeed a good measure to increase difficulty (and,
unfortunately, helpdesk calls).

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message
news:B29C2546-C2C8-4348-A196-EEFF7B1754A4@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
>
> Then tell them that "pazword" is a much stronger password than
> "768262ge%$^%$^%¬&^%&^*&^*ghjGUHTFhfHTRytRFyt^%$^!$"
>
> Why? because the latter just has to be typed-in from a post-it
> attached to
> the monitor.
>
> Seriously, once passwords MUST contain gibberish, and must expire
> frequently, the security of the system takes a nosedive for this
> reason.
>
> The fundamental shortcoming in security design is that of allowing
> rapidfire
> attempts at logon. With a delay of even a few seconds between
> attempts,
> bruteforce methods become impractical. To improve your security,
> implement a
> short lockout for repeated logon failures.
>
> "Shawn Martin" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> The network team here wanted server administrators to run MBSA on
>> applications to ensure things like passwords are strong. The tools
>> runs fine
>> on the 2003 servers, but throws the weak password error on the 2008
>> boxes.<!--colorc--><!--/colorc-->
>
> <!--colorc--><!--/colorc-->