MattJohnson1
IS-IT--Management
I have a strange problem with some new XP Pro machines at a client site. The setup is as follows.
Client has old NT4 domain and new AD domain. All users and laptops have been migrated to the new AD domain, while the Exchange server, web server and file servers remain on the NT4 domain for the moment.
When a machine connected to the LAN and authenticated to the AD domain tries to access a resource on the NT4 domain, it works fine - we have SID history added to the AD user's account so that they can authenticate to NT4 domain resources.
The problem is when a user is offline, and logs onto their machine using cached credentials. They dial a 3rd party ISP (connect.com.au), then use Cisco's VPN Client v3.61 to create a VPN into the WAN. This bit works fine.
When they try to attach to an AD resource, such as a fileshare, they are authenticated straight away and in they go.
When trying to attach to an NT4 domain resource, they are given an error message stating that the supplied username/password was incorrect, and to supply a valid one. The login box displays the ISP login details, as though these have been supplied during the connection attempt, rather than the AD login details. If you then supply the AD login, it works fine and goes straight in.
This is only happening on Win XP Pro. All 2000 Pro clients are fine. It seems obvious that when attempting to connect to a resource in the same AD domain that the user is currently logged in to, XP is supplying the correct login name/password. But when trying to connect to a different NT4 domain, XP seems to be supplying the ISP's login details instead, which of course don't work.
This is a real nuisance, as most users then run a batch file to map 10-12 network drives on servers that have not yet been migrated to the AD domain. These ALL prompt for username and password. I have been able to get around it temporarily by mapping the drives manually and remembering the password, so that when the drive is mapped, XP is forced into supplying the AD login/password. But this is only going to work until the user changes their password, which happens every 30 days.
I am attempting to get hold of a later version of the VPN client, and I'll try that. But if anyone has any ideas, or experience with VPN use in this sort of situation I would be grateful for any assistance.
Thanks