I have been encountering an issue for some time now where long-running workflows (2+ weeks) will fail after the executing user changes their Active Directory account password and we either reboot the Orchestrator virtual appliance or restart the Orchestrator services on the appliance. We have configured the appliance to communicate with vCenter using a shared session and this functions without any problems (this password isn't changed nearly as often). Not updating the executing user's account password is not an option, as a password change is required every 60 days. Using a shared account with a different password policy to execute workflows is also not an option, as an audit trail must exist that ties each action to an individual person. The workflows themselves are only accessing vCenter for information and thus the executing user's credentials aren't used for executing any portion of the workflow.
An example scenario is this:
1) User A executes a long-running workflow (the workflow uses a waiting timer and checks vCenter for status information every 24 hours).
2) User A is required to reset their AD account password and does so.
3) Sometime later, the Orchestrator appliance/services are restarted.
4) All long running workflows executed by User A fail with the following error log entries (sensitive information removed):
2013-05-22 18:33:44.416-0400 WARN [Execution] Unable to resume workflow:[Workflow Name], reason: Cannot login user : CN=LastName\, FirstName,OU=OU Name,DC=domain,DC=domain,DC=domain,DC=domain(reason : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece])
2013-05-22 18:33:44.433-0400 WARN [Execution] User session fix disabled
2013-05-22 18:33:44.433-0400 ERROR [Execution] Unable to resume workflow execution [ff8080813d5bfd88013d8e725456016d], unable to create user session
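As an added example, not part of the original post or of Orchestrator itself, the script below parses log entries of the shape quoted above so an operator can see, after a service restart, which workflows failed to resume, for which executing user, and whether the AD bind failure is one the user can clear by changing their password (data 52e, 532, 773) or one that needs an AD administrator (e.g. 533 disabled, 775 locked out). The sample log lines are constructed from the entries above; the second user DN and the second execution ID are placeholders, and the sub-code meanings are the documented Active Directory bind result codes that follow LDAP error 49.

```python
import re
from collections import defaultdict

# Documented Active Directory "data" sub-codes that accompany LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong or stale password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Sub-codes the executing user can clear themselves by rotating/resetting
# their password; anything else needs an AD administrator.
USER_REMEDIABLE = {"52e", "532", "773"}

# WARN line: workflow name, executing user's DN and the AD sub-code.
RESUME_FAIL_RE = re.compile(
    r"^(?P<ts>\S+ \S+) WARN \[Execution\] Unable to resume workflow:\[(?P<workflow>[^\]]+)\], "
    r"reason: Cannot login user : (?P<dn>.+?)\(reason : \[LDAP: error code 49 - "
    r".*?data (?P<sub>[0-9a-fA-F]+),"
)

# ERROR line that follows it: the execution ID of the run that was lost.
SESSION_FAIL_RE = re.compile(
    r"^\S+ \S+ ERROR \[Execution\] Unable to resume workflow execution "
    r"\[(?P<exec_id>[0-9a-f]+)\], unable to create user session"
)

# Constructed sample modelled on the entries in the post. The first DN and
# execution ID are the redacted values quoted above; the second pair is a
# placeholder (hypothetical user and ID) to show a non-user-remediable case.
SAMPLE_LOG = "\n".join([
    r"2013-05-22 18:33:44.416-0400 WARN [Execution] Unable to resume workflow:[Workflow Name], reason: Cannot login user : CN=LastName\, FirstName,OU=OU Name,DC=domain,DC=domain,DC=domain,DC=domain(reason : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece])",
    r"2013-05-22 18:33:44.433-0400 WARN [Execution] User session fix disabled",
    r"2013-05-22 18:33:44.433-0400 ERROR [Execution] Unable to resume workflow execution [ff8080813d5bfd88013d8e725456016d], unable to create user session",
    r"2013-05-22 18:33:45.010-0400 WARN [Execution] Unable to resume workflow:[Placeholder Audit Job], reason: Cannot login user : CN=Placeholder\, User,OU=Ops,DC=example,DC=test(reason : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 533, vece])",
    r"2013-05-22 18:33:45.010-0400 WARN [Execution] User session fix disabled",
    r"2013-05-22 18:33:45.011-0400 ERROR [Execution] Unable to resume workflow execution [00000000000000000000000000000002], unable to create user session",
    r"2013-05-22 18:33:46.120-0400 INFO [Execution] Some unrelated line that must be ignored",
])


def parse_resume_failures(log_text):
    """Return one record per workflow that failed to resume because the
    executing user's AD bind was rejected, in log order. The execution ID
    from the ERROR line that follows each WARN line is attached to it."""
    failures = []
    pending = None
    for line in log_text.splitlines():
        m = RESUME_FAIL_RE.match(line)
        if m:
            sub = m.group("sub").lower()
            pending = {
                "timestamp": m.group("ts"),
                "workflow": m.group("workflow"),
                "user_dn": m.group("dn").strip(),
                "subcode": sub,
                "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
                "user_remediable": sub in USER_REMEDIABLE,
                "execution_id": None,
            }
            failures.append(pending)
            continue
        e = SESSION_FAIL_RE.match(line)
        if e and pending is not None and pending["execution_id"] is None:
            pending["execution_id"] = e.group("exec_id")
    return failures


def failures_by_user(failures):
    """Group failed workflow names by executing user DN, so each person can
    be told exactly which runs need re-launching after their password change."""
    grouped = defaultdict(list)
    for f in failures:
        grouped[f["user_dn"]].append(f["workflow"])
    return dict(grouped)


if __name__ == "__main__":
    for f in parse_resume_failures(SAMPLE_LOG):
        who = "user can fix" if f["user_remediable"] else "needs AD admin"
        print(f'{f["timestamp"]} {f["workflow"]!r} exec={f["execution_id"]} '
              f'{f["user_dn"]} -> data {f["subcode"]}: {f["meaning"]} ({who})')
```

Run against the appliance's server log after a restart and the output lists each lost run with its execution ID and whether the fix is on the user's side; the same grouping is what you would feed into a notification to the affected user, which is the practical follow-up when per-user credentials must stay in the audit trail.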