Passwords Expiring

Great tip! Thank you.

On 905702a, user passwords expire for an unknown reason. Expire Password is not checked, Password Expires Days is set to 0 and Require Single Sign-On is not checked, yet users are asked to reset their passwords every couple of months. I called Epicor Support, and we couldn't resolve why it's happening. Has anyone experienced this?

We have been on Epicor 9.05.702A for about a year and have not seen this issue. We require password resets. I would recommend, for security, having a Password Expires Days set. We use 120.



On Tuesday, March 17, 2015 7:47 AM, "trevorlittlecal@... [vantage]" <vantage@yahoogroups.com> wrote:


 
On 905702a, user passwords expire for an unknown reason. Expire Password is not checked, Password Expires Days is set to 0 and Require Single Sign-On is not checked, yet users are asked to reset their passwords every couple of months. I called Epicor Support, and we couldn't resolve why it's happening. Has anyone experienced this?



I'm trying to narrow down what's forcing the password to expire, that's why I've set it to 0. If I set it to 120, it would actually be more frequent because of an unknown reason. Once I discover what that reason is, I'll set the days to expire. I think the person I inherited the system from got creative outside of Epicor, and I need to find out what they did. I'm starting to think the problem is not directly Epicor related.

Do they all expire at once or are they random single events? Do they get a “you have 2 logins to set a password” type message, and does the old one work or do they need to enter <blank>? The first would be for expired password, the second for “cleared”. Maybe the former sys mgr did an ODBC write to the User.ClearPassword field and set it to True in a scheduled event. Just a guess.

-Todd C.

 

 

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com]
Sent: Tuesday, March 17, 2015 1:10 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Passwords Expiring

 

 

I'm trying to narrow down what's forcing the password to expire, that's why I've set it to 0. If I set it to 120, it would actually be more frequent because of an unknown reason. Once I discover what that reason is, I'll set the days to expire. I think the person I inherited the system from got creative outside of Epicor, and I need to find out what they did. I'm starting to think the problem is not directly Epicor related.

It's just some users (maybe 30%), and it's usually around the time their Windows AD password expires. It just tells the users that their password has expired and do they want to create a new one?... and of course 4/5 say 'No' and then end up calling me to have it reset again. There is nothing scheduled within Epicor that I can tell is triggering it, but I'm willing to bet you're right about an ODBC connection somewhere setting User.ClearPassword to true. Thanks, this gives me something to search for... it sure looks like it's behaving that way.

I was dealing with this issue this morning for a single user. The Password Expires field had a date in it despite Expire Password being unchecked and Password Expires Days being 0. I checked Expire Password and Clear Password and saved the record. I then cleared the Expire Password checkbox and saved again. I think this cleared the date from the Password Expires field. Finally, I logged in as the user, set a new password, and confirmed that the Password Expires field remained blank.

We'll see if it holds.

Since it is not a mass thing I would look first at Security Policies and other policy settings in Windows.  I’ve never noticed an option to run something from there but like the policies for what actions to take on login there might be something triggered by the AD password security settings that clears the Epicor password.  Are the usernames for Epicor the same as for Windows?  If there are exceptions and those people never have the issue it might be a smoking gun sort of clue.

-Todd C.

 

 

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com]
Sent: Tuesday, March 17, 2015 1:33 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Passwords Expiring

 

 

It's just some users (maybe 30%), and it's usually around the time their Windows AD password expires. It just tells the users that their password has expired and do they want to create a new one?... and of course 4/5 say 'No' and then end up calling me to have it reset again. There is nothing scheduled within Epicor that I can tell is triggering it, but I'm willing to bet you're right about an ODBC connection somewhere setting User.ClearPassword to true. Thanks, this gives me something to search for... it sure looks like it's behaving that way.

It turns out that the Accounting Manager, who has the proper clearances, was expiring people's passwords who forgot to clock out at the end of the day, so he could log in as them and clock them out. He just didn't tell anyone he was doing it. I can't believe this was happening, it's been a support nightmare.

Classic PEBCAK.

 

For grins I went and checked Audit Logging and sure enough (in E10 anyway) you can set to log changes to PassWord in the UserFile table.  I have not tried it but it is there.

 

-Todd C.

 

 

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com]
Sent: Friday, March 20, 2015 11:26 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Passwords Expiring

 

 

It turns out that the Accounting Manager, who has the proper clearances, was expiring people's passwords who forgot to clock out at the end of the day, so he could log in as them and clock them out. He just didn't tell anyone he was doing it. I can't believe this was happening, it's been a support nightmare.
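
Added example (not part of the original thread and not Epicor code): with audit logging of the password fields enabled as suggested above, an export of those change records can be grouped by who made the change, which surfaces one account resetting many other users' passwords. The CSV column layout and the user names are assumptions constructed for illustration; only the field names PassWord and ClearPassword come from the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column layout is an assumption for this
# example, not Epicor's actual change-log format; the field names PassWord
# and ClearPassword are the ones mentioned in the thread.
SAMPLE_EXPORT = """\
timestamp,changed_by,target_user,field
2015-03-02T17:05:00,acctmgr,jdoe,ClearPassword
2015-03-02T17:06:00,acctmgr,jdoe,PassWord
2015-03-03T08:01:00,jdoe,jdoe,PassWord
2015-03-09T17:10:00,acctmgr,msmith,ClearPassword
2015-03-10T09:15:00,msmith,msmith,PassWord
2015-03-11T10:00:00,sysadmin,klee,Name
2015-03-16T17:02:00,acctmgr,klee,ClearPassword
"""

PASSWORD_FIELDS = {"PassWord", "ClearPassword"}


def password_changes_by_others(export_text):
    """Return {actor: sorted [(timestamp, target, field)]} for password-field
    changes made by someone other than the account owner."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["field"] not in PASSWORD_FIELDS:
            continue  # unrelated field change
        if row["changed_by"] == row["target_user"]:
            continue  # a user changing their own password is expected
        hits[row["changed_by"]].append(
            (row["timestamp"], row["target_user"], row["field"]))
    return {actor: sorted(events) for actor, events in hits.items()}


def actors_touching_many_accounts(export_text, min_targets=2):
    """Actors who changed password fields on at least min_targets other accounts."""
    result = {}
    for actor, events in password_changes_by_others(export_text).items():
        targets = {target for _, target, _ in events}
        if len(targets) >= min_targets:
            result[actor] = sorted(targets)
    return result


if __name__ == "__main__":
    for actor, targets in actors_touching_many_accounts(SAMPLE_EXPORT).items():
        print(f"{actor} changed password fields for: {', '.join(targets)}")
```
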

FYI: regarding your accounting manager needing to log them out -> if they are not set up as a "user" in Epicor, he can just log into the generic MES account you have and log them out that way. If they are set up as a user and the user account is linked to their employee master, he can go in and unlink it, then log into the generic MES account and log them out, and then just re-link it. We learned this little workaround by calling support shortly after our V9 upgrade when we had to log someone out who was a user and went away on vaca without logging out.