Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 8 subscribers
  • Views 16435 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Synchronising password in Sophos and Active Directory

Dtekmario

Hi.

We are using Safe guard 6.00.1.31

User is using laptop and loging in with Active Directory credentials.

Profile on a laptop is Local.

Normaly every thing works ok, and there is no probelem with changing the password.

But in that case user loged in on another machine(with out SafeGuard) and there changed the password (it was required by system - AD policy to change password every 30 days).

Now when trying to log in SafeGuard it accepts the old password, but then in windows there is message that password has expired and needs to be changed.

When changing the password it allways give message that password cant be changed because it doesn't meet password requirements.

It for sure does. Lots of new passwords were tried and allways there is the same message.

I can log in to POA and to the local admin account without any problem.

Please help.

BR

Dtekmario

:38695


This thread was automatically locked due to age.
Parents
  • 0

    This happens a few times a week at my organization. My response to this issue is below.

    1. Get user logged into system via POA
    2. Connect to our corporate VPN if they are not on the company network.
    3. In the SGE Admin console, find the user and delete their certificate.
    4. Force a manual synchronization on the user's workstation (sgmcmdintn.exe -s). 
    5. Have user wait 15-30 minutes (our phone-home/check-in period is 15min) but keep machine unlocked, e.g. have them actually do their jobs :)
    6. After 30 minutes, have the user attempt to lock/unlock the system. It should stop prompting for the old password. 
    7. Verify full resolution of the issue with a reboot and successful user login through the POA screen.

    If the above does not work, I will do steps 1-3 from above and then perform the following:

    1. Share my screen (usually I share my RDP session to the Sophos console via Lync/Skype as opposed to my whole desktop)
    2. Create a new certificate for the user, having the user type their current AD password into the dialog box
    3. Continue the above procedure at step 4. 

    I have never successfully changed a password through that particular Sophos dialog but I do not believe that is the appropriate action in this situation. I hope that I read your question correctly and provided useful information. There are a few edge-case scenarios that I didn't go into, but will if requested.

Reply
  • 0

    This happens a few times a week at my organization. My response to this issue is below.

    1. Get user logged into system via POA
    2. Connect to our corporate VPN if they are not on the company network.
    3. In the SGE Admin console, find the user and delete their certificate.
    4. Force a manual synchronization on the user's workstation (sgmcmdintn.exe -s). 
    5. Have user wait 15-30 minutes (our phone-home/check-in period is 15min) but keep machine unlocked, e.g. have them actually do their jobs :)
    6. After 30 minutes, have the user attempt to lock/unlock the system. It should stop prompting for the old password. 
    7. Verify full resolution of the issue with a reboot and successful user login through the POA screen.

    If the above does not work, I will do steps 1-3 from above and then perform the following:

    1. Share my screen (usually I share my RDP session to the Sophos console via Lync/Skype as opposed to my whole desktop)
    2. Create a new certificate for the user, having the user type their current AD password into the dialog box
    3. Continue the above procedure at step 4. 

    I have never successfully changed a password through that particular Sophos dialog but I do not believe that is the appropriate action in this situation. I hope that I read your question correctly and provided useful information. There are a few edge-case scenarios that I didn't go into, but will if requested.

Children
No Data
Unfiltered HTML