Bonjour 🙂
We experience a problem with post-authentication action.
Windows LAPS detect when local admin logs on.
It also writes in the event log that the password needs to be changed after the delay (24 hours)
Our workstations are turned off every night. A lot of them are connected with a VPN.
When the workstation starts in the morning, VPN is down. LAPS try to change the Admin password and failed because it's offline. When VPN is up, at the next LAPS cycle, it says the password doesn't need to be changed and the password is never changed.
Is there a way to fix that ?
5 Comments
- JaySimmons
Microsoft
Status changed:Working on ittoCompleted - JaySimmons
Marking this completed since the fix ships in tomorrow's August 8th Patch Tuesday update. Let me know if you have any other questions.
- JaySimmons
Fred_AGNES - the July 25th preview patch ship date has been slightly delayed by one day - current ETA is Wednesday July 26th. Fyi - Jay
- JaySimmonsStatus changed:NewtoWorking on it
- JaySimmons
Hello Fred_AGNES ,
Thank you for the report. You are hitting a known bug. The fix will ship for client platforms in the July 25th preview patch update, and again for all platforms next month on August 8th (Patch Tuesday). The fix will revise the behavior so that if Windows LAPS fails for any reason to reset the password during a PAA reset operation, the password reset will be rescheduled for a later time (30 mins into the future). Given your VPN handling this may result in some event log noise but eventually the password should get rotated, plus any other PAA operations you configured will be executed.
Lmk if you have other questions.
thx,
Jay
