When a users password is going to expire in up to 14 days, they get a warning and are asked if they would like to change their password now or skip it. If they skip it, they get put into the default Group Policy which messes up their connectivity. Here is what it looks like in the logs:
AAA user authentication Rejected : reason = Password is expiring
DAP: User jhick, Addr xx.xxx.xx.xxx, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
If I shut off the password expiration features, the login processes normally. Any idea why this happens or how to fix it?