This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User has new password in AD, but GlobalProtect still authenticates with the old password (new password fails).

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User has new password in AD, but GlobalProtect still authenticates with the old password (new password fails).

jrauman
L2 Linker

‎04-26-2021 02:57 PM

When our users change their AD password, they immediately will lock & unlock Windows to make sure the new password took, and that what they think they changed it to, is exactly what they changed it to.  They also have been told to sign out of GlobalProtect and sign back in, so that GlobalProtect will be configured to use the new creds going forward.  However, while the password change in AD has been working great, GP has not been keeping up with the changes.  Some users will lock their accounts trying to use their new passwords in GlobalProtect.  Others will give up and try the old one, which works until the next time they connect and then it fails and locks the account in AD.  This happens all too frequently.  We use the User-ID Agent on Active Directory Windows 2016 servers. Our PA is 9.1.8, our agents are 9.1.2-9 and GlobalProtect is 5.1.5.  

 

1. is this a known issue with GP?  we've been seeing it for over a year.

2. does GP and/or PA cache our user's credentials?  if so, can we disable that feature?  and if we can, is there a downside to doing that as well?  we want every GP connection to check our domain controllers for proper credentials, every time (if there isnt a significant downside).

3 people had this problem.
0 Likes Likes
1 REPLY 1

T.Dudouit
L0 Member

‎04-17-2024 12:49 AM

Hello Guys !

 

We are experiencing the same problem in our company from long time and we have not found any solution so far.

 

Sometime, the Windows account was lock after changing the password in the active directory.
It seems that the change is not taken into account by Global Protect and this results in the account being locked when user trying to LogOn. We have to manually change the password in Global Protect for this to work and unlock windows account in AD to solve this issue.

We opened tickets in costumer portal for this issu, but the proposed solutions do not work parmanently.

 

Out GP version is 6.1.1-6

Anyone's idea ?

Thanks for Help

Best Regards !

 

0 Likes Likes
  • 2240 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks