Active Credentials change ignored until IIS reset

Tri · Post by **Tri** » Fri Jun 10, 2005 2:40 pm

Client + Server 3.07

1. User1 connected using Active Directory authentication.

2. The AD admin changes the password of DOMAIN\User1. (Or disables the DOMAIN\User1 account)

3. User1 is unaffected and can even log in and out again using the previous AD credentials (ie. log in using old password or can log in while DOMAIN\User1 has been disabled).

Turn around #1: IISreset fixes the issue. But will also affect the pending activities of all other users. I would prefer to avoid IISreset the entire server for change that only affects one user.

Turn around #2: uncheck "Authenticate using Active Directory". Will almost fix the issue, with the condition that User1 has to log off. Which is not really satisfactory. (See details in my previosu post "User credential changes ignored if user logged in" http://support.sourcegear.com/viewtopic.php?t=4036)

Can you please advise a solution to take in account immediately an Active Directory credential change?

Post by **jclausius** » Fri Jun 10, 2005 2:54 pm

I've heard of problems where the AD queries are cached, and it takes some time (up to 15 minutes) for the cache to clear.

Does this set of circumstances fit what you're describing?

Tri · Post by **Tri** » Fri Jun 10, 2005 8:51 pm

Just played around with AD for evaluation today. I didn't think of waiting 15 minutes. I suspected of course that there should be a cache somewhere but I didn't where to flush it.

A colleague of mine said that there is similar situation with SahrePoint 2003. And the tool itself must provide a way to reset the cache, in this case, the SharePoint Admin interface.

I didn't find similar setting in Vault Admint Tool so I just tried IISreset. As it seems to do the trick, can you investigate if the AD queries cache is between Vault Server / IIS or IIS / AD Server? Hopefully, if it is the first scenario then may be there is something you can do in Admin Tool to help clearing the cache.