07-07-2017 05:47 AM
Team -
We are starting to roll out ISE in low impact and we are noticing an issue when it comes to some machines. Some machines hitting our low impact policy because of a specific error regarding machine passwords.
Error Code: 24485 Machine authentication against Active Directory has failed because of wrong password
We have noticed this is to be on the AD side because a machine password will expire at 30 days, the computer will communicate with a local domain controller to receive the new password. The replication from the local domain controller to the data center is set for every 15 minutes, which is where we think the problem happens. Due to replication, machines try to authenticate via peap and fail due to the passwords not being correct at the data center where the primary PSN is located. Machines are in a low impact state for 15-20 minutes while replication takes place.
Has anyone else experienced this issue and how did you resolve it?
Thank you greatly and looking forward to the feedback.
-Eric
Solved! Go to Solution.
07-07-2017 06:54 AM
The machine password is changed on the client per policy (every 30 days as default) and it is the client which updates the DC upon the change. Typically the password updates are immediate and does not follow the typical AD replication schedule. In the following article here from MS Technet shows that there is a Group Policy setting “Contact PDC on logon failure” which can affect the password replication. Can you check to see if it is enabled?
07-07-2017 06:54 AM
The machine password is changed on the client per policy (every 30 days as default) and it is the client which updates the DC upon the change. Typically the password updates are immediate and does not follow the typical AD replication schedule. In the following article here from MS Technet shows that there is a Group Policy setting “Contact PDC on logon failure” which can affect the password replication. Can you check to see if it is enabled?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide