Why would an IIS site with Windows Authentication enabled authenticate old passwords

dalearyous

we have a site running in IIS using windows authentication. when you browse to the site it pops up with a login window, you type in your domain credentials (username and password) and you login. HOWEVER, some users are reporting that it does not like their new password and they have to use their old password. what would cause this and how can i fix it?

example:
Bob Smith logs in as bsmith with password: pw1

Bob Smith changes his password for bsmith to pw2

Bob Smith tries to log into IIS site as bsmith and has to use pw1 instead of his new pw2

*edit*
is it cached somewhere?
 
credentials manager might be a good place to look as well
 
Are there multiple AD sites and replication is broken? Say they change their workstation password at the local office, which updates the local AD server. But the IIS server is at another site, authenticating against another AD server, which is failing to replicate the changes to the user's AD account. So the server IIS is using to check the credentials against does not have the latest changes.
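
One way to test the replication theory raised in the reply above, as an added example that is not part of the thread: ask each domain controller for the account's `PasswordLastSet` value and flag any that lag behind the newest. The function names, the `example.test` hosts and the sample timestamps are constructed for illustration; live collection assumes the RSAT ActiveDirectory module.

```powershell
# Added example, not code from the thread.

# Live collection: query every DC directly for the same account.
# Get-ADDomainController and Get-ADUser come from the ActiveDirectory module.
function Get-PasswordLastSetPerDC {
    param([Parameter(Mandatory)][string]$SamAccountName)
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($dc in Get-ADDomainController -Filter *) {
        $user = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                           -Properties PasswordLastSet
        [pscustomobject]@{
            Server          = $dc.HostName
            PasswordLastSet = $user.PasswordLastSet
        }
    }
}

# Analysis: any DC whose copy is older than the newest one has not yet
# received the password change and will still validate the old password.
function Find-StaleDC {
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [timespan]$Tolerance = [timespan]::FromSeconds(1)
    )
    $known  = @($Records | Where-Object { $null -ne $_.PasswordLastSet })
    if ($known.Count -eq 0) { return }
    $newest = ($known | Sort-Object PasswordLastSet -Descending |
               Select-Object -First 1).PasswordLastSet
    foreach ($r in $known) {
        $lag = $newest - $r.PasswordLastSet
        if ($lag -gt $Tolerance) {
            [pscustomobject]@{
                Server          = $r.Server
                PasswordLastSet = $r.PasswordLastSet
                Lag             = $lag
            }
        }
    }
}

# Constructed sample: dc2 still holds the pre-change timestamp for bsmith.
$sample = @(
    [pscustomobject]@{ Server = 'dc1.example.test'; PasswordLastSet = [datetime]'2015-03-02T09:15:00' }
    [pscustomobject]@{ Server = 'dc2.example.test'; PasswordLastSet = [datetime]'2014-12-01T08:00:00' }
    [pscustomobject]@{ Server = 'dc3.example.test'; PasswordLastSet = [datetime]'2015-03-02T09:15:00' }
)
Find-StaleDC -Records $sample | Format-Table -AutoSize

# On a domain-joined admin host:
# Find-StaleDC -Records (Get-PasswordLastSetPerDC -SamAccountName 'bsmith')
```

An empty result means every domain controller agrees on when the password was last set, which points away from replication as the cause.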
 
How long is it after they change their passwords that they cannot log in? Replication around a network can take hours.
 
If they are changing their passwords upon logon and then not logging off and back on after, that could be your issue. I've seen it quite often that Windows will keep trying to use the old password to authenticate even though it's been changed.
 
this issue has been going on for 6 months now, so yes servers have been rebooted.

there is only one AD site

nothing has been set up in the credential manager
 
How many domain controllers?
are domain controllers all local (replication time)?
Is this server a domain controller?

My guess is either:
replication issue
(although I've never had any speed issues with our 3, normally almost instant)
Domain trust issue
I'm guessing you work in a virtual environment like most. It's possible something is wrong with trust (computer account on pdc?)

Try leaving and joining the domain again on that pc. You won't lose any settings by doing it and it reestablishes the computer account.
 
this issue got resolved. due to company rebranding, new servers, SAN, and other items we changed our local domain and upgraded all servers to server 2012 r2. then we joined all the computers to the new domain. problem is gone because of this.
 