Hello,
All of these users had their synchronizations working fine. No new policy changes were pushed, as this setting has remained the same from "day 1". Is there any kind of logging that would show someone making a policy change, so we can track that down? Since all of these users are 2-factor users, they have to use an App-Specific password to get the authentication working (which they all had done months and months ago), but out of the blue, last Friday, the 23rd, some were being prompted for that app-specific password again, and we have no idea why.
I looked at the Google logs to see if there were any failure attempts at logging in for the affected users, which might cause Google to ask for the password again, and there was nothing. All of their mail checking all came from our IP, and there was nothing in the logs that looked like there was any hacking attempts on these users.
It was about 8 out of 30 or so users that were affected, and they were a mix of iOS 9.3.x and 10.x, so it doesn't seem to be iOS related. None of our Android users were affected, and there were users from two separate device policies, so it wasn't like a single policy was to blame.
At this point, they are working again, but I am trying to look into any logs that Centrify has that might point to something around the date/time they started getting prompted for the password again. Where can I find a log that might give me this info?
Many thanks,
Bruce