LDAP health check flipping back and forth?

[Paul Suh]

New deployment here. I'm trying to deploy on Windows Server 2016. The LDAP connection health check seems to flip back and forth, with no apparent intervention on my part. 

       

Another possible symptom: I am unable to change a test user's password self-service. I log in using the user's Active Directory password, click on Change Password, and enter a new password. The password change page shows the password as fulfilling all of the password requirements (plus I know it fulfills the AD domain controller's password requirements), but it keeps giving me an error message, "New password does not meet rule requirements". Re-logging in confirms that the user's password was not changed. 

I'm delving deeper with TRACE level logging but wanted to post to see if anyone has seen this before. 

--Paul

[Jason Rivard]

Does your test user have a minimum-lifetime password policy requirement?  Thats the most common cause.

[Paul Suh]

That looks like it, plus it may have taken some time to propagate the setting through the various domain controllers.