08-19-2014 10:01 AM
In Clearpass, Authentication - Sources - <AD>
When I browse to a certain user, it shows the badPwdCount is 4.
However, that users password has just been reset, and they have successfully logged in.
It's been over 2 hours, and it still has not reset.
The 'Clear Cache' button in CPPM didn't change anything either.
Where does CPPM get this information, and how often does it update it?
08-19-2014 10:04 AM
What is your cache timeout set to in your AD auth source?
Also, can you use something like ADSIEdit to verify that the data is different in ClearPass vs AD?
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
08-19-2014 10:18 AM
Thanks, I had forgotten about adsiedit.
And that showed the issue. The badPwdCount for this user was different on different DC's. CPPM was reading it correctly.
That's odd, because repadmin showed that domain sync happened successfully a few minutes ago.
I know this is now a Microsoft question, but any ideas on what would cause that?