• User Passwords are not in sync between AD and Identity Manager.
• The password synchronization agent logs are no longer updating and there are not errors to explain why the password changes are not taking place.
• There are no requests in the Provisioning etatrans log coming from the password sync agent. 

Applicable to the Windows Password Synchronization Agent on all windows platforms.

When a user changes their password, the password change is directed to the user's LOGON SERVER on the Domain controller. This is denoted by the %LOGONSERVER% environment variable. 

If the user's Logon Server changes to a domain controller that does not have the Password synchronization agent installed, then password requests cannot be intercepted and directed to Provisioning. This can happen if the Password sync agent is installed on the production domain controllers but not the backup/disaster recovery domains controllers. 

• Ask the user to login and and check their %LOGONSERVER% environment. Make sure it is the correct value and that the domain controller in specified has the password sync agent installed on it. 
• Also see this article: KB 9448 - CA Identity Manager: where should the Windows Password Sync Agent component be installed?

 See Also: Password Sync Agent does not propagate the password to accounts