locked
AD password expire , mobile apps didn't have notice or sign out RRS feed

  • Question

  • Hi ,

    Any advise for AD password expire but mobile apps didn't have notice and exchange calendar failed to update.

    sfb mobile still can running normal after user AD password expire but exchange authentication can't.

    Thanks.

    Friday, December 9, 2016 1:28 PM

Answers

  • Exchange using Windows Authentication (or kerberos) and S4B using certificate authentication? Account expirations and disables do not effect the validity of the certificate so the s4b client continues to run and authenticate, but exchange does not as you can no longer get a valid ticket or do windows auth.

    Sorry forgot to give some advice :) You could run a script periodically that checks for expired passwords or disabled users, if it finds one revoke the s4b certificate. Or, disable certificate auth leaving just NTLM and kerberos (set-csproxyconfiguration).



    • Edited by AndyK47 Friday, December 9, 2016 4:12 PM
    • Proposed as answer by Alice-Wang Monday, December 12, 2016 8:22 AM
    • Marked as answer by JohnHK215 Thursday, December 15, 2016 11:39 AM
    Friday, December 9, 2016 3:11 PM

All replies

  • Exchange using Windows Authentication (or kerberos) and S4B using certificate authentication? Account expirations and disables do not effect the validity of the certificate so the s4b client continues to run and authenticate, but exchange does not as you can no longer get a valid ticket or do windows auth.

    Sorry forgot to give some advice :) You could run a script periodically that checks for expired passwords or disabled users, if it finds one revoke the s4b certificate. Or, disable certificate auth leaving just NTLM and kerberos (set-csproxyconfiguration).



    • Edited by AndyK47 Friday, December 9, 2016 4:12 PM
    • Proposed as answer by Alice-Wang Monday, December 12, 2016 8:22 AM
    • Marked as answer by JohnHK215 Thursday, December 15, 2016 11:39 AM
    Friday, December 9, 2016 3:11 PM
  • use revoke-csclientcertificate command for the user
    • Edited by SEPESUSH Sunday, December 11, 2016 7:54 AM
    Sunday, December 11, 2016 7:53 AM
  • disable certificate auth leaving just NTLM and kerberos (set-csproxyconfiguration).

    Cx600 need certificatae auth.

    So, there no method the push the AD password expire message for Sfb mobile ?

    Monday, December 12, 2016 8:29 AM
  • Not without 3rd party intervention (such as a ps script to revoke the cert). Automatically revoking when the user is expired, locked out, or disabled is not built into the product.
    Monday, December 12, 2016 2:25 PM