
Synchronising password in Sophos and Active Directory

Hi.

We are using SafeGuard 6.00.1.31.

The user is using a laptop and logging in with Active Directory credentials.

The profile on the laptop is local.

Normally everything works OK, and there is no problem with changing the password.

But in this case the user logged in on another machine (without SafeGuard) and changed the password there (it was required by the system - AD policy to change the password every 30 days).

Now when trying to log in, SafeGuard accepts the old password, but then in Windows there is a message that the password has expired and needs to be changed.

When changing the password it always gives a message that the password can't be changed because it doesn't meet the password requirements.

It for sure does. Lots of new passwords were tried and there is always the same message.

I can log in to POA and to the local admin account without any problem.

Please help.

BR

Dtekmario

  • We are having a very similar issue. Did you ever figure out what was going on?

  • Hi

    I've experienced the same problem. I've found with Google that the problem could be caused by the auto logon option in POA.

    Not tested yet.

    Workaround:

    - let the user log on to POA (computer connected to LAN),
    - set a new pass in AD,
    - let the user log on to Win with the new pass,
    - if asked, the user should type the old pass,
    - restart the computer to confirm that POA uses the new pass

    best regards
    -- 
    Pawel

  • With the SGN-encrypted computer connected to the domain, log in as the user with the recently changed password. It will prompt for the old password. After the user login has completed, SGN should prompt for the new password and update. Ensure it can communicate with AD and the SGN server.

  • This happens a few times a week at my organization. My response to this issue is below.

    1. Get user logged into system via POA
    2. Connect to our corporate VPN if they are not on the company network.
    3. In the SGE Admin console, find the user and delete their certificate.
    4. Force a manual synchronization on the user's workstation (sgmcmdintn.exe -s). 
    5. Have user wait 15-30 minutes (our phone-home/check-in period is 15min) but keep machine unlocked, e.g. have them actually do their jobs :)
    6. After 30 minutes, have the user attempt to lock/unlock the system. It should stop prompting for the old password. 
    7. Verify full resolution of the issue with a reboot and successful user login through the POA screen.

    If the above does not work, I will do steps 1-3 from above and then perform the following:

    1. Share my screen (usually I share my RDP session to the Sophos console via Lync/Skype as opposed to my whole desktop)
    2. Create a new certificate for the user, having the user type their current AD password into the dialog box
    3. Continue the above procedure at step 4. 

    I have never successfully changed a password through that particular Sophos dialog but I do not believe that is the appropriate action in this situation. I hope that I read your question correctly and provided useful information. There are a few edge-case scenarios that I didn't go into, but will if requested.