Anyone come across this? We have users at remote sites logging into IAP225. The new users that have not logged into the domain before have a temp password. In AD we have it set to prompt for change of password as soon as they login with the temp.
This part happens to the user and while they take 2 minutes to figure out what password they want to use, they enter it, and then they get a no logon servers available.
In clearpass it shows this under alerts for their login attempt. This is the first time i have seen this as well:
MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .
MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .
MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .MSCHAPL Password change failed
EAP-MSCHAPv2: User authentication failure
Is there some timeout window with clearpass and if so where would this setting be located?