So,
We are trying to set up Azure MFA with Cisco ASA version 9.1. The product works fine, but when a password expires the AnyConnect client will prompt for the password change but then will get a message stating the password does not meet the policy requirements. The password should meet requirements, but we still receive it each time.
In the ASA logs the error message is:
AAA authentication rejected: reason = password malformed : server = mfaserver : user=*****
In the MFA logs we see the message:
Observed password change request for user "user DN" , but request came on unbound Ldap connection
Failed to read from server DomainController network connection was aborted by the local system
We have tickets open with Microsoft and Cisco regarding the incident which both say it is the other's issue. I can provide more details but wanted to see if anyone has seen an issue similar to this.
TIA
Mike