When an end-user’s Active Directory password expires, the Duo Auth client for Windows seems to do several odd things. Here’s the scenario:
The user’s password has expired in AD.
Upon login to their computer, the Duo Auth client for Windows prompts them to create a NEW “offline login” method.
Clicking the “Enroll later” option returns the user to the login screen, where a message of “Your password has expired and must be changed” is displayed.
The user proceeds with the password change, but is given an “Access is denied” message.
If an administrator forcibly resets their password AND the user reboots their computer, things begin to work correctly again.
Could the Duo Auth Client for Windows be made to handle expired AD passwords more gracefully? …or do we have something misconfigured?
Thank you for any help!