Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
0
Helpful
4
Replies

Cisco ISE Receiving "24473 The user's password has expired"

Sam Tan
Level 1
Level 1

‎09-02-2015 10:32 PM - edited ‎03-10-2019 11:01 PM

Hi Experts,

 

I am having an unusual problem with our customer's ISE.

 

Two days ago, some of the users authenticating via wireless network and is receiving a password expired error.

On the ISE logs, I can see the following:

"24473 - The user's password has expired; setting the IdentityAccessRestricted flag to true"

This only happens to a handful of users at the moment, and on the AD itself, the customer verified that the user password is not expired.

We have tried changing the domain, resetting password and having ISE to push a new certificate to the affected users but this is still not working.

 

Any ideas?

Please review the attachment for your perusal.


 Thanks,

ST

1 person had this problem
Labels:
Preview file
95 KB
Preview file
25 KB
0 Helpful
4 Replies 4

Jarvis IT
Level 1
Level 1

‎10-13-2015 04:11 PM

I am having the exact same issue. It's only happening for about 4 users at the moment but it seems to be increasing.

 

The only work around is to flag the user as password doesn't expire.

 

We have 6 Domain controller spread over a number of sites and over 150 users. The first user occurred awhile back now and we have done all sorts of things to force him to reset his password etc nothing has worked. Since the first user we have more people having the issue. After the user changes their password the behavior doesn't manifest straight away and takes a few weeks. Once it starts the user is practically never able to auth properly again.

When you're working on this issue you can get the user to magically auth sometimes, after resetting password and logging in and out heaps of times, then all of a sudden the error you describe starts appearing again.

I am raising a TAC case now so hopefully they can assist.

We upgraded our patch 1 to patch 7 and we are running Version:  1.2.1.198

 

 

0 Helpful

Tzy Chun Chong
Level 1
Level 1
In response to Jarvis IT

‎11-10-2015 10:22 PM

Hi Craig,

I have the same issue, how's was your TAC tackle to this? Appreciate your response how they help to resolve this issue. Thanks.

Regards

Tzy

0 Helpful

Jarvis IT
Level 1
Level 1
In response to Tzy Chun Chong

‎01-03-2016 04:36 PM

I raised a TAC case, then closed it days later.

The strange thing is I flagged the affected users back to password expires and they seem to be ok now. I am not sure what's happening... I am going to monitor and see if another user has this issue again. Then I will raise another case.

0 Helpful

ahurtadove
Level 1
Level 1
In response to Jarvis IT

‎12-15-2016 12:50 PM

Did you ever find a solution for this? I'm facing a similar issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents