Thanks Rob. I will try that when I upgrade the production cluster - probably next week - and let you know what I find.

For what it's worth, I upgraded our staging cluster this morning and the last authentication timestamps all reset/vanished as I have been seeing. That was before I saw your suggestion about the 389 logs, though.

Shane