Windows LAPS key rotation


Hello, I have Windows LAPS configured with password rotation every 10 days. I have encountered several cases where the password rotates before the expiration date. What could be the reason?

2 Replies

Hi @luki02,


If you are experiencing problems with Windows LAPS key rotation, you can follow these steps to troubleshoot the issue:

  1. Check the Windows LAPS event logs for information about why the password is rotating. To do this, open Event Viewer and navigate to the following log:

"Applications and Services Logs\Microsoft\Windows\LAPS"

Look for events with the ID 4688. These events will provide information about why the password was rotated.

Kindest regards,


Leon Pavesic

Password rotation could kick in when the grace period of the password expired (so every 10 days).
But if you configured PAA, there could be a chance that using the managed account (trying to log in with it) still kicks off the PAA actions (resetting the password) even when you have entered the wrong password. That one is fixed in a future build, but I am not sure which build you are using.

Another thing could be a password rotation triggered remotely from Intune, or on the device with the Reset-LapsPassword command, just like Leon pointed out.
You have got some options here, so the LAPS event logs or the audit log in Azure AD (Entra) should be the first places to start looking.
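
Added example, not part of either reply: a PowerShell sketch for the log review both replies recommend, run elevated on an affected device. It assumes the channel name `Microsoft-Windows-LAPS/Operational`, a 30-day look-back, and English event text for the keyword match; the 10-day interval comes from the question.

```powershell
# Assumption: this channel backs the Event Viewer path named in the first reply.
$LogName      = 'Microsoft-Windows-LAPS/Operational'
$LookBackDays = 30   # constructed value; widen it to cover several rotations
$PolicyDays   = 10   # rotation interval stated in the question

$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    StartTime = (Get-Date).AddDays(-$LookBackDays)
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

if (-not $events) {
    Write-Warning "No events found in $LogName for the last $LookBackDays days."
    return
}

# 1. Inventory: which event IDs occur, how often, and the first line of each message.
$events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{
        Id      = $_.Name
        Count   = $_.Count
        Last    = ($_.Group | Select-Object -Last 1).TimeCreated
        Summary = ($_.Group[0].Message -split "`r?`n")[0]
    }
} | Format-Table -AutoSize -Wrap

# 2. Rotation timeline: events whose text reports an updated password.
#    Heuristic keyword match (assumes English messages); events logged within
#    5 minutes of the previous hit are treated as part of the same rotation.
$last = $null
$rotations = foreach ($e in $events) {
    if ($e.Message -notmatch 'password' -or $e.Message -notmatch 'updated') { continue }
    if ($last -and ($e.TimeCreated - $last).TotalMinutes -lt 5) { continue }
    $gap = if ($last) { [math]::Round(($e.TimeCreated - $last).TotalDays, 1) } else { $null }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        GapDays = $gap
        Early   = ($null -ne $gap -and $gap -lt $PolicyDays)
    }
    $last = $e.TimeCreated
}
$rotations | Format-Table -AutoSize
```

For each row flagged `Early`, read the events logged in the minutes before that timestamp, then compare the time against the Intune and Entra audit logs to see whether a remote rotation was requested.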