When attempting to rotate an Active Directory password, PAM's Tomcat logs report the following error:
com.cloakware.cspm.server.plugin.targetmanager.windows.DNSHelper.getAdLoginUrls DNS query failed
javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.<ldap server>'
Release: 4.1.1
The customer's PAM instances are in AWS, but they were pointing to Active Directory Domain Controllers in Azure that were over 7 hops away, so the DNS SRV lookup for _ldap._tcp.<domain> timed out before an answer arrived.
To resolve this, we changed their Active Directory Target Application from using a site in Azure to Active Directory sites in AWS, which were only one hop away.
We also increased the Active Directory timeout from 3000 to 5000 milliseconds.
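The failing call is a DNS SRV lookup of _ldap._tcp.<domain>, so the quickest way to confirm the cause from the PAM host is to run that same lookup with the Active Directory timeout as the hard limit. The following diagnostic is an added example, not part of PAM or this article; it assumes dig is installed on the host and that the domain name and timeout value are supplied by you.

```shell
#!/bin/sh
# Added diagnostic (not PAM's own code): check whether the SRV record that
# DNSHelper queries (_ldap._tcp.<domain>) answers within the Active Directory
# timeout configured on the Target Application. Assumes 'dig' is installed.

# Print "priority weight port target" for each SRV record in dig output read
# on stdin (dig answer lines look like: name ttl IN SRV pri wt port host).
srv_targets() {
    awk '$3 == "IN" && $4 == "SRV" { print $5, $6, $7, $8 }'
}

# Print the round-trip time dig reports (";; Query time: 12 msec").
query_time_ms() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# Return 0 when captured dig output holds at least one SRV record and the
# query time is within timeout_ms; otherwise return 1.
srv_ok() {
    out="$1"; timeout_ms="$2"
    targets=$(printf '%s\n' "$out" | srv_targets)
    [ -n "$targets" ] || return 1
    t=$(printf '%s\n' "$out" | query_time_ms)
    [ -n "$t" ] && [ "$t" -le "$timeout_ms" ]
}

# Live check: dig waits at most the AD timeout (rounded up to whole seconds),
# so a failure here mirrors the SocketTimeoutException PAM logged.
check_domain() {
    domain="$1"; timeout_ms="${2:-5000}"
    secs=$(( (timeout_ms + 999) / 1000 ))
    out=$(dig +time="$secs" +tries=1 "_ldap._tcp.$domain" SRV 2>&1)
    if srv_ok "$out" "$timeout_ms"; then
        echo "OK: answered in $(printf '%s\n' "$out" | query_time_ms) ms"
        printf '%s\n' "$out" | srv_targets
    else
        echo "FAIL: no SRV answer for _ldap._tcp.$domain within ${timeout_ms} ms"
        return 1
    fi
}

# Usage: sh check_srv.sh <domain> [timeout_ms]
if [ "$#" -ge 1 ]; then
    check_domain "$@"
fi
```

Run it once against the Azure domain controllers and once against the AWS site: a query time close to or above the configured timeout, or no answer at all, reproduces the logged error and confirms that the nearer site or the larger timeout is the fix.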