
Authentication problems with VPN users


    Hey all,

    We are running a Windows 2003 domain with Windows XP and some Vista clients, and we are experiencing an authentication problem with clients who use the SecureRemote client (NGX) from the Internet. The remote computers are sometimes domain members and some are in a workgroup.
    When we change the password for an AD username and the remote user tries to use CIFS, SMTP or any other network service which requires Kerberos or NTLM authentication, it fails. The user receives error messages in the event log, "No authentication protocol was available", and some other related authentication events.
    This is sometimes caused by invalid cached credentials. Because the computer at their house didn't do a successful logon (after the password change), it saved the old login credentials, which eventually causes this to fail.
    We generally solve this by regenerating the computer SID (disjoining and recreating the computer account) or cleaning reverse DNS records.

    Now to the questions:

    1. I guess there are other environments out there that are using a password change policy. What are you doing with remote domain members (which don't frequently connect to the LAN)? Do they have to bring their own computers in order to "sync" with the AD?

    2. Is there any link/post you might know related to this issue?

    Much thanks.