On a couple of AIX 5.3 servers (running DB2), the vasd daemons cannot be stopped by using "/etc/rc.d/init.d/vasd stop". Instead, I have to "kill" the processes in order for them to stop.
vasd reports "disconnected". Users are unable to login when vasd is in this state. The logs show login attempts such as:
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <succeeded disconnected> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <N/A> Access Control Identifier(UPN):<user1@mydomain.com>
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <succeeded disconnected> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <N/A> Access Control Identifier(UPN):<user1@mydomain.com>
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <failed passwordless> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <Password is expired.> Access Control Identifier(UPN):<user1@mydomain.com>
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <failed passwordless> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <Password is expired.> Access Control Identifier(UPN):<user1@mydomain.com>
However, I know user1's password is not expired since the user can successfully log in to server04 (also AIX and configured identically). Here is some more info from an affected server:
1) Prompt:
$ ssh server05
DISCONNECTED MODE: enter password:
Current password for user1@mydomain.com:
New password:
2) vastool status
# vastool status
VAS is currently joined to: mydomain.com
Join command found in: /etc/opt/quest/vas/lastjoin
Verifying timesync with domain controller: YES
Time delta: 0 seconds
Are valid VAS licenses installed? YES
Checking to see if VAS daemon is running: YES
Checking for valid computer account (SAMNAME)
SERVER05$@MYDOMAIN.COM YES
Checking for valid computer account (SPN)
host/server05.mydomain.com@MYDOMAIN.COM YES
Checking to see if VAS is in connected state: NO
Verifying VAS is configured for name service: NO
Verifying VAS is configured for auth service: YES
Verifying VAS configuration file is correct: YES
Verifying sanity of users allow file: YES
Verifying sanity of users deny file: YES
Verifying sanity of group-override file: YES
Verifying sanity of user-override file: YES
3) ipc file exists
# ls /var/opt/quest/vas/vasd/.vasd_ipc_sock
/var/opt/quest/vas/vasd/.vasd_ipc_sock
4) host auth works
# /opt/quest/bin/vastool -u host/ auth -S host/
SERVER05$@MYDOMAIN.COM was successfully authenticated to SERVER05$@MYDOMAIN.COM.
Anyone seen this before or have any ideas what might be triggering this condition?
Thanks.
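As an added illustration (not part of the original post), here is a small Python parser for the pam_vas syslog lines quoted above. It picks out the result flags (`disconnected`, `passwordless`) and the `reason` field, and reports hosts where "Password is expired." failures are logged while that host is already authenticating in disconnected mode, which is the pattern on server05. The sample log is constructed from the post's lines plus one healthy entry for server04; the host and user names are the post's own placeholders.

```python
import re

# Constructed sample: the two server05 entries from the post plus a healthy
# connected-mode login on server04 for comparison.
SAMPLE_LOG = """\
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <succeeded disconnected> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <N/A> Access Control Identifier(UPN):<user1@mydomain.com>
May 18 16:49:31 server05 auth|security:info sshd2[254108]: pam_vas: Authentication <failed passwordless> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <Password is expired.> Access Control Identifier(UPN):<user1@mydomain.com>
May 18 16:50:02 server04 auth|security:info sshd2[12345]: pam_vas: Authentication <succeeded> for <Mapped> user: <user1> account: <user1@mydomain.com> service: <ssh> reason: <N/A> Access Control Identifier(UPN):<user1@mydomain.com>
"""

# Field layout as seen in the post: "<result words> for <type> user: <u> account: <a> service: <s> reason: <r>"
PAM_VAS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?pam_vas: "
    r"Authentication <(?P<result>[^>]*)> for <[^>]*> user: <(?P<user>[^>]*)> "
    r"account: <(?P<account>[^>]*)> service: <(?P<service>[^>]*)> "
    r"reason: <(?P<reason>[^>]*)>"
)


def parse_pam_vas(line):
    """Return a dict of fields for a pam_vas line, or None for anything else."""
    m = PAM_VAS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    words = rec["result"].split()
    rec["outcome"] = words[0]   # "succeeded" or "failed"
    rec["flags"] = words[1:]    # e.g. ["disconnected"] or ["passwordless"]
    return rec


def assess_hosts(log_text):
    """Per host: logins that went through in disconnected mode, and 'Password is
    expired' failures logged on a host already seen in that state.  The poster
    observes the same account logs in fine on a connected host, so an expiry
    reported only while vasd is disconnected points at the daemon, not the password."""
    stats = {}
    for line in log_text.splitlines():
        rec = parse_pam_vas(line)
        if rec is None:
            continue
        h = stats.setdefault(rec["host"], {"disconnected": 0, "expired_while_disconnected": 0})
        if "disconnected" in rec["flags"]:
            h["disconnected"] += 1
        elif rec["outcome"] == "failed" and rec["reason"].startswith("Password is expired") and h["disconnected"]:
            h["expired_while_disconnected"] += 1
    return stats


def hosts_needing_attention(log_text):
    """Sorted list of hosts whose pam_vas entries show disconnected-mode authentication."""
    return sorted(h for h, s in assess_hosts(log_text).items() if s["disconnected"])


if __name__ == "__main__":
    print(assess_hosts(SAMPLE_LOG))
    print("check vasd on:", hosts_needing_attention(SAMPLE_LOG))
```

Pointing the same functions at `/var/adm` syslog output from several servers gives a quick way to see which hosts are in the state `vastool status` reports as "connected state: NO".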