If the user knows their old password, simply entering it into the prompt will update their certificate and push the new certificate back to the server.

If they do not know the old password, the easiest way to resolve this issue is to delete the user's certificate in the SafeGuard Management Center. The user can then log into Windows on a machine with the SafeGuard client and receive a new certificate from the SafeGuard Server.

The steps below will guide you through this process:


  1. Reset the user's password in AD with a temporary password.
  2. Have the user log into Windows with the temporary password and click Cancel on the Old Password prompt from SafeGuard.
  3. In the SafeGuard Management Center > Users and Computers, locate the user, open their Certificate tab, and left-click to highlight their certificate.
  4. Delete the user's old certificate by selecting, in the toolbar, Actions > Remove.
  5. Have the user synchronize the client with the server by right-clicking the SafeGuard systray icon and selecting Synchronize.
  6. Once the sync is complete, have them log out of Windows and back in again (still with the temporary password). They should not be prompted for their old password.
  7. Have the user change their password using Ctrl+Alt+Del.
  8. If they still can't change their password, ask them to create a new one in AD and test.


The full article is here:

https://community.sophos.com/kb/en-us/112239