Policy Server authenticate user in Active Directory even if the User must change its password. No redirection happens.

Document ID:  TEC1901049
Last Modified Date:  07/04/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details


  • CA Single Sign-On


  • CA Single Sign-On:Release:12.52 SP1



Running Policy Server, when user has Password Expired, then Policy Server authenticate the user.


By trouble shooting this issue, we've observed that the Policy Server gets the right code from Active Directory, but the Policy Server authenticate and authorize the user.


[12/02/2015][08:00:52][4532][s626/r15][Sm_Auth_Message.cpp:4629][CSm_Auth_Message::SendReply][badal][][][test.one][][][][** Status: Not Authenticated. Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][Badal Root][][][BadalTest][badalagent][Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][eTenet Form Auth-Siteminder][test.one][][]


As per the code data 532

HEX: 0x532 - password expired


Policy Server 12.52SP1CR02 User Directory Microsoft Active Directory 2008 R2

Fix in 12.52 SP1 CR05 


00250192 DE101595 The Authreason codes from Policy Server are not same as the AD response irrespective of the status of isADEnhanced.

defects fixed in 1252sp1cr05

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255


Not what you were looking for?

Search Again >

Product Information

Support by Product >


Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile

  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing