I have a stand-alone system which is utilizing two Palo Alto 220 Firewalls. As part of this system, I have RADIUS policies configured on a Windows server to provide domain-admin access to the device. On one PA220 I am able to login with my domain credentials and access the device without issue. On the other PA220 I am able to login with domain credentials as well. However, once logged in I am brought to a page that prompts me to change my password. It has a field for Old Password, New Password and New Password verification. I am not able to navigate beyond this prompt. If I try to submit the form without inputting any values it errors saying "password required." If I submit the form with appropriate values (old password and a new password) it errors saying "Cannot change password for remote users." What could be causing this to occur? I know my RADIUS is working as it should and the two PA220's are configured identically despite one functioning and the other not. I still have a local admin account on the device, so I am able to make changes, I just don't know what needs to be changed (local admin account is not being prompted to change password). Things I have tried: Compared the "working" PA220 to the "non-working" PA220 Looked through device settings for misconfigurations Ensured "change password at first login" has been disabled Deleted authentication profiles and re-added them Deleted users and re-added them Committing changes Rebooting device Prayer Any advice/suggestion would be greatly appreciated!
... View more