Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this topic

User has new password in AD, but GlobalProtect still authenticates with the old password (new password fails).

L2 Linker

When our users change their AD password, they immediately will lock & unlock Windows to make sure the new password took, and that what they think they changed it to, is exactly what they changed it to.  They also have been told to sign out of GlobalProtect and sign back in, so that GlobalProtect will be configured to use the new creds going forward.  However, while the password change in AD has been working great, GP has not been keeping up with the changes.  Some users will lock their accounts trying to use their new passwords in GlobalProtect.  Others will give up and try the old one, which works until the next time they connect and then it fails and locks the account in AD.  This happens all too frequently.  We use the User-ID Agent on Active Directory Windows 2016 servers. Our PA is 9.1.8, our agents are 9.1.2-9 and GlobalProtect is 5.1.5.  


1. is this a known issue with GP?  we've been seeing it for over a year.

2. does GP and/or PA cache our user's credentials?  if so, can we disable that feature?  and if we can, is there a downside to doing that as well?  we want every GP connection to check our domain controllers for proper credentials, every time (if there isnt a significant downside).

Who Me Too'd this topic