Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
567
Views
0
Helpful
2
Replies

Cisco ISE 2.3p5 - Domain Computers not change password .

Go to solution
pgiouvanellis
Level 1
Level 1

‎06-25-2019 05:00 AM

Hello everyone ,

 

We start facing a problem with some domain computers that are used in out customer's enviroment .

The issue is the below : 

 

These computer are joined normally on Active Directory but the user are mostly out of office for a long time 

some the computer may be closed for 30-40 days .

 

When they get back to office and open the PC they have no access .From Logs we see that the PCs are coming with mab and not with 802.1x as they had to .

 

From Active Directory Team they told us that when a PC is closed or out of the network for 35 days when is opened up the Domain Controller send a ticket to PC to change/initialize the computer password , and normally the computer gets the ticket and create new paassword .

 

In our implementation we have enabled the option enable password change on External Identity Sources Advanced Settings see attachment .

 

1.JPG

 

I know this is about the user change his password when it is expired but is it possible to confirm that the same option is about the Computer Object password on Active Directory ? 

 

Thanks ,

Palaiologos

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-25-2019 11:50 PM

I don't believe the Windows PC can change password using the supplicant. My suggestion would be to increase the password refresh interval or fallback to WebAuth where the user can login via WebAuth using the user account and then force machine password update.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-25-2019 11:50 PM

I don't believe the Windows PC can change password using the supplicant. My suggestion would be to increase the password refresh interval or fallback to WebAuth where the user can login via WebAuth using the user account and then force machine password update.

0 Helpful

Go to solution
pgiouvanellis
Level 1
Level 1
In response to howon

‎06-26-2019 09:48 AM

Webauth unfortunately is not accepted solution for customer's environment.

 

So the above configuration i have attached about Enable Password Change is about only the Active Directory User account and not the computer object password ?

 

So there i no solution to these ?

 

Thanks

Palaiologos 

0 Helpful
Customers Also Viewed These Support Documents