Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
5
Helpful
1
Replies

LDAPS with Azure MFA product...Password Expiration

mwkirk
Level 1
Level 1

‎01-25-2016 09:16 AM

So,

We are trying to setup Azure MFA with Cisco ASA version 9.1.  The product works fine but when a password expires the AnyConnect client will prompt for the password change but then will get a message stating the password does not meet the policy requirements.  The password should meet requirements but still receive it each time.

In the ASA logs  the error message is:

AAA authentication rejected: reason = password malformed : server = mfaserver : user=*****

In the MFA logs we see the message:

Observed password change request for user "user DN" , but request came on unbound Ldap connection

Failed to read from server DomainController network connection was aborted by the local system

We have tickets open with Microsoft and Cisco regarding the incident which both say it is the other's issue.  I can provide more details but wanted to see if anyone has seen an issue similar to this.

TIA

Mike

3 people had this problem
Labels:
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎01-25-2016 07:52 PM

Hi Mike,
The Login DN (the user used for the Binding operation, sometimes called  the Binding DN) must have Account Operators privileges for password management changes. I have seen this error in the past when the login DN account doesn't have sufficient privileges to push this change.

~ Jatin

~Jatin
0 Helpful
Customers Also Viewed These Support Documents