require password change on first login on HA mode

Showing results for 
Show  only  | Search instead for 
Did you mean: 

require password change on first login on HA mode

L1 Bithead

Hi Guys


I have question for "require password change on first login" on HA mode.

firstly when I enable this function at any Palo Alto unit of HA mode and edit or create admin role account,

then try login to one of HA unit, the login page display password change require. when I finish password change and try login another unit, the new password cannot login success, only original unit can success login using new password. 

also I think maybe HA sync problem, then I create new object and manual sync running-config at original unit,

new password still not sync to peer unit, the login page of another unit only allow old password to login and additionally show password change require again.


have someone can help me or suggest best practices for require password change on first login?

PAN-OS - 9.1.11

HA mode - Actice/Passive






Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!