ZCM 10.3 installed and running fine. Pointing to an AD database as a user source. No Novell client installed.

If a user logs in normally with their password, the passive logon is successful and everything runs as normal.


If a user fat-fingers their password initially (extremely common, at least in my environment), get a failed logon from the MS GINA and re-enters the password correctly it appears that the ZCM passive logon attempt is using the initially entered BAD password (or who knows, maybe a <null> password for all I know) and fails, which prompts the user to re-enter their credentials. When the ZCM logon window pops up, the cached user name is correct as is the zone, if the correct password is entered the ZCM logon continues on as normal.

Is this normal behaviour?

I know I can supress the passive logon prompt, but that's not REALLY a fix. I'd like for the password that actually allowed a domain logon to get passed to the ZCM passive attempt.