No announcement yet.

Cached Logins and VPNs

  • Filter
  • Time
  • Show
Clear All
new posts

  • Cached Logins and VPNs

    I set up a Watchguard (our firewall) VPN for some remote users. The remote users use their domain login to access their laptops then initiate a VPN session with Watchguard software. Recently one of them could not log on to their laptops anymore. After reviewing the event logs I assumed this is a cached login issue. Everytime they log on there isn't a domain controller available. However no one else has had this problem (including myself and I have logged on from a remote computer dozens of times). How can I have users authenticate with their domain credentials everysingle time without a DC available? When the user does logon to the laptop then connect via the VPN does the workstation and the DC communicate at all (would it reset the cached logins (if that really is the problem))? How does one solve the issue of unavailble DCs yet login to the domain everysingle time? If anyone has any links or whitepapers they could point me to I'd appreciate it. Thanks.

  • #2
    Re: Cached Logins and VPNs

    Take a look at this

    I think you can increase the cache log on attempts to a maximum of 50 before they have to log onto a domain controller.

    Failing that you could setup a local account for them to use when this happens.

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Cached Logins and VPNs


      I tried this with a local login and they couldn't access anything on the network. It was as if the VPN was using the local login credentials to run on the network.This kind of defeats the purpose of a VPN. I'm new to VPNs so I'm not really sure how a VPN "should" be designed. I'll take a look at the link as well. Thanks for the response.


      • #4
        Re: Cached Logins and VPNs

        Is there no way you can authenticate the users on the VPN.

        We use this at work. The user authenticates as per normal to login. Then connect to our firewall and uses RADIUS to authenticate on the network before being granted access.

        I'll have a look at the watchguard site to see if there is anything i can see.