I seem to remember dealing with this years ago but I'm not able right now to get the right mixture of settings.
DNN 8, AD Authentication 5.0.6, Windows Server 2012 R2 Standard
I installed and configured the module. Then I logged on successfully once with my domain account. On subsequent logins with the same account, the error "This Membership Provider has not been configured to support password retrieval."
Among the things I was reminded of as I searched:
1) modify the PasswordHIstory table to set the "Password" column to allow nulls
2) In Host Settings > Advanced Settings > Membership Management: Uncheck "Enable Password History" ... In an older portal where all is working well, I also see that I have "Enable password strength check" unchecked, but not sure that pertains.
3) In web.config on the working portal I have enablePasswordRetrieval="true" enablePasswordReset="false" passwordFormat="Encrypted"
That's on Windows Server 2008 R2, DNN 7.4, AD Authentication 5.0.6
When I set things up in this manner on the new portal, now the error changes to "Hashed passwords cannot be decoded"
If I change enablePassword="true" on the new portal, the portal errors out and in the server Application log, "
The pre-application start initialization method Start on type WebMatrix.WebData.PreApplicationStartCode threw an exception with the following error message: Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.
But when I set enablePasswordRetrieval="false" then the portal stands ok but gives an error in the DNN Event Viewer on domain user login of "Hashed Passwords cannot be retrieved."
So - what is the correct configuration mix here to allow not only an initial login from a domain user, but successful subsequent logins as well?