Users were either unable to set a password at the password website or unable to use the password reported to be successfully set.
Affected users were limited to those that tried to set or reset passwords during the service interruption period. The newly set passwords would not work for impacted users.
An incorrect host-based firewall rule was deployed by an automated configuration change process which prevented the system from properly communicating with LDAP systems.
Corrected the host-based firewall rule and pushed out via the automation process again. 78 impacted users were identified and reached out to reset their passwords after the service was restored.
Before re-enabling an automation agent on a system, there should be at least 2 engineers to review the configuration changes and to run the changes in a dry-run mode, before the actual rollout.