
Cisco ISE Receiving "24473 The user's password has expired"

Sam Tan
Level 1

Hi Experts,

I am having an unusual problem with our customer's ISE.

Two days ago, some of the users authenticating via the wireless network started receiving a password expired error.

On the ISE logs, I can see the following:

"24473 - The user's password has expired; setting the IdentityAccessRestricted flag to true"

This only happens to a handful of users at the moment, and on the AD itself, the customer verified that the user password is not expired.

We have tried changing the domain, resetting the password and having ISE push a new certificate to the affected users, but this is still not working.

Any ideas?

Please review the attachment for your perusal.


Thanks,

ST

4 Replies

Jarvis IT
Level 1

I am having the exact same issue. It's only happening for about 4 users at the moment but it seems to be increasing.

The only workaround is to flag the user as password doesn't expire.

We have 6 domain controllers spread over a number of sites and over 150 users. The first user occurred a while back now and we have done all sorts of things to force him to reset his password etc.; nothing has worked. Since the first user we have more people having the issue. After the user changes their password the behavior doesn't manifest straight away and takes a few weeks. Once it starts the user is practically never able to auth properly again.

When you're working on this issue you can get the user to magically auth sometimes, after resetting password and logging in and out heaps of times, then all of a sudden the error you describe starts appearing again.

I am raising a TAC case now so hopefully they can assist.

We upgraded from patch 1 to patch 7 and we are running Version: 1.2.1.198

Hi Craig,

I have the same issue. How did TAC tackle this? I'd appreciate your response on how they helped to resolve this issue. Thanks.

Regards

Tzy

I raised a TAC case, then closed it days later.

The strange thing is I flagged the affected users back to password expires and they seem to be ok now. I am not sure what's happening... I am going to monitor and see if another user has this issue again. Then I will raise another case.

Did you ever find a solution for this? I'm facing a similar issue.