Fix ERROR_WRONG_PASSWORD 0X0000052B: Password Update Fails
When Windows won't let you update a password and throws 0X0000052B, it's usually a mismatch between your old password and what the system expects. Here's the fix.
When This Error Shows Up
You're trying to change your Windows password — maybe it's been 90 days and the system's forcing the issue, or you're updating a domain account after a breach. You type your new password, hit Enter, and get hit with ERROR_WRONG_PASSWORD (0X0000052B) - Unable to update the password. It's infuriating because you know you typed the old password correctly. I've seen this on Windows 10 Pro builds (like 20H2) and Windows 11 machines joined to a domain, but it also hits local accounts with password expiration policies.
Why It Happens
This error means Windows is rejecting the password update because the old password you entered doesn't match what the system has stored — but here's the kicker: sometimes you're right and it's still wrong. The root cause is usually one of these:
- Case sensitivity mismatch: You typed the old password with Caps Lock on, or the system's treating it differently than you did when you last logged in.
- Domain vs. local misalignment: If you're on a domain, your cached credentials might differ from the domain controller's copy. The local machine thinks you're wrong, even if the domain knows better.
- Password history conflict: Some policies keep the last 10 passwords, and if your new password matches an old one, the system throws this error instead of the clearer "password history violation" message.
- Account lockout or policy restrictions: If you've failed too many times, the system blocks further attempts with this same error code.
I've tripped over the Caps Lock issue myself more times than I'll admit. The error text is misleading — it's not saying your old password is wrong against the current one; it's saying the combination of old + new doesn't pass the update rules.
The Fix: Step by Step
Skip the guesswork. Here's the sequence that works 9 times out of 10.
Step 1: Verify Your Old Password (Outside the Change Dialog)
Before you try to change anything, confirm your old password works. Lock your screen (Win + L), then log in with the password you think is correct. If it lets you in, you're good. If not, reset it via another admin account or a password reset disk before proceeding.
Step 2: Use the Command Line (Bypass the GUI)
The GUI's password change dialog is flaky. Use net user instead — it gives you clearer feedback. Open Command Prompt as Administrator (right-click Start, select Terminal Admin). Then run:
net user %username% *Replace %username% with your actual username if you prefer, but the asterisk forces a secure prompt. You'll be asked for the old password, then the new one. If it fails here, the error message will tell you why — usually "The password does not meet the password policy requirements." That's different from 0X0000052B and means you need a stronger password.
Step 3: Force a Domain Sync (If Domain-Joined)
If you're on a domain, run this to sync your credentials with the domain controller:
klist purge
gpupdate /forceThen try the net user command again. I've seen cached credentials corrupt on the local machine — purging the Kerberos ticket cache fixes that.
Step 4: Check Password History and Policy
Open Local Group Policy Editor (Win + R, type gpedit.msc). Go to Computer Configuration → Windows Settings → Security Settings → Account Policies → Password Policy. Check these values:
- Enforce password history: If it's set to 24, you can't reuse any of your last 24 passwords. Try a completely new one — not a variation of an old one.
- Minimum password age: If it's 0, you can change your password immediately. If it's 1 or more, you might need to wait — but that usually gives a different error. Still worth checking.
If you're a local admin, you can temporarily set Enforce password history to 0, change the password, then set it back. I don't recommend this as a long-term solution — it's for emergency access only.
Step 5: Clear Stale Credentials from Credential Manager
Search for "Credential Manager" in the Start menu, open it, and select Windows Credentials. Look for any entries related to your domain or computer name. Delete them. I've seen old cached domain credentials interfere with local password changes.
What If It Still Fails?
If you're still stuck after these steps, the problem is likely on the server side (if domain-joined) or a deeper system file issue. Check the Windows Event Log:
- Open Event Viewer (Win + R, type
eventvwr.msc). - Go to Windows Logs → Security.
- Look for event ID 4724 (password change attempt) or 4738 (user account changed).
The detail in those events will tell you if the domain controller rejected the change, or if the local machine's security subsystem is blocking it. If you see Status: 0xC000006A (wrong password) there, then your old password really doesn't match what the domain controller has — time to call your IT admin to reset it on the server. If you're on a local account and nothing works, boot into Safe Mode with Networking and try the net user command there. Safe Mode bypasses some third-party security software that can interfere with password changes.
Don't waste time repeating the same steps. One of these will get you through, and you'll be back to work in 10 minutes.
Was this solution helpful?