Jump to content


Netscaler 11 Change Expired Password

Started by Martin Adcock , 29 February 2016 - 01:45 PM
24 replies to this topic

Martin Adcock Members

Martin Adcock
  • 19 posts

Posted 29 February 2016 - 01:45 PM



I have replaced our Netscaler with version NS11.0 64.34.nc. This connects to Storefront 7.1. We are using LDAP authentication and I have set the option to allow users to change their passwords and whilst this is working we are having a few issues with some users when they are trying to change their password. In the logs we are seeing 


netscaler [1130]: While changing password (ns_ldap_change_password): error unicoding new password for user

netscaler [1130]: In unicode_ber: Invalid UTF-8 character input


I have managed to replicate this by trying to us a % symbol in the password. Has anyone got any suggestions on what this could be?



Christoph Müller Members

Christoph Müller
  • 4 posts

Posted 14 March 2016 - 10:21 AM

Hi, we have the same Issue!


Environment: NS, Storefron 3.0.1.....

One Idea was to update the NS Box to the newest Version!


But currently!

Bye Christoph

jparnel81 Members

James Parnell
  • 16 posts

Posted 06 August 2016 - 07:35 AM


We've just started seeing this exact issue with our NetScalers running NS11 66.11 and above.

Is anyone else experiencing this too?



Pradeep Muni Gowreesha Citrix Employees

Pradeep Muni Gowreesha
  • 48 posts

Posted 08 August 2016 - 09:10 AM

Hello, can you check if restarting the NetScaler helps?

Martin Adcock Members

Martin Adcock
  • 19 posts

Posted 10 August 2016 - 10:09 AM

No rebooting the NetScaler does not fix the problem. 

IT Dept Members

IT Dept
  • 14 posts

Posted 15 August 2016 - 10:25 AM

Ok, so we are getting exactly the same error message on our NetScaler (v11.0 62.10.nc) but I'm sure this has not always been the case. We have not upgraded the NetScaler since we went live.


We obviously have LDAPS enabled internally and the 'allow password change' has always been on since we went live with the NetScaler last September.


On logging in via the NetScaler Gateway Virtual Server and where a password has either expired or 'force change on next login' is selected in a domain environment the web interface drops back to the login screen and says 'Incorrect username or password' after correctly typing and confirming a new password which meets all complexity requirements.


Any ideas folks?

jparnel81 Members

James Parnell
  • 16 posts

Posted 16 August 2016 - 07:28 PM

I have a support call open with Citrix support for assistance.


I've been asked to collect AAA debug logs but its tricky as there's no way of knowing when the problem will occur!


I've tried changing passwords with all sorts of special characters but haven't been able to reproduce the error myself yet.

Phil Dusome Members

Phil Dusome
  • 5 posts

Posted 26 August 2016 - 05:52 PM

No updates on this?  Just ran into this myself.  There is nothing outstanding about the configuration but it simply doesn't, under any circumstances, work.

Chris Hahn Members

Chris Hahn
  • 63 posts

Posted 02 September 2016 - 02:33 PM

I am seeing same issue on 11.0 66.11.nc.   When changing the password, some password combinations work, while others are rejected and bounce you back to the login screen even though in both cases they meet password complexity requirements. I've opened a Citrix case.

Phil Dusome Members
  • #10

Phil Dusome
  • 5 posts

Posted 02 September 2016 - 02:39 PM

I was able to resolve this by going to  There is mention of password issues in the write-up.

jparnel81 Members
  • #11

James Parnell
  • 16 posts

Posted 02 September 2016 - 02:50 PM

The issues are still present for us in NS 11 67.12

Dale Johnson Members
  • #12

Dale Johnson
  • 3 posts

Posted 15 September 2016 - 10:08 PM

I am interested in this same as I get the same issue

Raphael Muench Members
  • #13

Raphael Muench
  • 2 posts

Posted 24 October 2016 - 12:48 PM

Are there any news ?

Casper Holm Members
  • #14

Casper Holm
  • 3 posts

Posted 27 October 2016 - 01:45 PM

we have the same issue:(

Christoph Sander Members
  • #15

Christoph Sander
  • 2 posts

Posted 11 November 2016 - 07:19 AM

I just stumbled on the same Problem. NS11.1 49.16. Only happens with some password combinations.

Arthur Chan Members
  • #16

Arthur Chan
  • 8 posts

Posted 20 January 2017 - 07:13 PM

Same here with NS11.1 50.10.  "Invalid UTF-8 character input" in aaad.debug.

infra producao Members
  • #17

infra producao
  • 9 posts

Posted 02 March 2017 - 05:56 PM


leandro.goncalves Members
  • #18

Leandro Goncalves
  • 150 posts

Posted 02 March 2017 - 06:02 PM

Hi Everyone, 


I had a citrix support opened with the change password issue below :

 [1240]: While changing password (ns_ldap_change_password): error unicoding new password for user xxxxx


[1240]: In unicode_ber: Invalid UTF-8 character input


The Citrix engineer left my call on hold with the following message:



After researching the issue, I found that the NetScaler is hitting a Bug, (bug ID 672846), sadly there is not a release with a resolution of this issue yet, the developers team is actively working on this issue and is expected to be solved on NetScaler 11.1 or 12.0 releases.

Sadly, there is no workaround to avoid the issue temporary.”

Andrzej Starmach Citrix Employees
  • #19

Andrzej Starmach
  • 149 posts

Posted 09 March 2017 - 11:06 AM

Hi All,

This is actively being investigated at the moment and I will be sharing updates on the root cause, fix as soon as available.




Dennis Parker Members
  • #20

Dennis Parker
  • 51 posts

Posted 15 March 2017 - 10:05 PM

There are certain combinations of passwords that I have found in my environment that cause this. Two specifically start with either Nr or Te. They are case sensitive. Any passwords that have those character combinations as the first two characters will not be accepted by the NetScaler. I'm sure there are others. I found this thread by searching for "unicode_ber Invalid UTF-8 character input" which is the error in the aaad.debug log when this fails.


Hopefully Citrix can figure this out soon. I will be monitoring the status of this thread.