Force AD Domain Logon over VPN

Status
Not open for further replies.

DaveNeubauer

IS-IT--Management
Jul 29, 2002
33
DE
I have a remote-office user who uses an RSA SecurID token and our Nortel Contivity RAS to connect to our domain. He was having difficulty logging on one day and asked our helpdesk to reset his password. In satisfying his request, my helpdesk person ruined the cached credentials. What is more, the user still cannot log on as himself.

Since the user logs on before building the VPN tunnel, I don't know how to force the caching of credentials. Is there a way to force a logon? In Novell, one can issue the login command at the command prompt to force a logon, but I don't know how in Windows.

Any advice?
 
Can you get the VPN client to start before Windows logon, or conversely, can you have it stay connected while the user logs off locally?
 
What exactly can't the user do? Can he log on to his computer and then cannot log on to the VPN, or can he not even log on to his computer?

If he can't log on to his computer, he's SOL and will have to send it in or visit the main office to log on unless you have a backdoor account on it he can use.

If he can't log on to the VPN, I'm not sure how that's tied into his user account as the RSA SecurIDs use their own set of credentials for authentication.

Where is he having a problem exactly?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Thanks to both of you for your responses.

The ROW can log in under another user's credentials but not his own.

I've tried creating the VPN connection and then logging out, but it kills the VPN tunnel; so it looks like one has to log in to the computer first and then create the VPN connection.
 
Look for an option in the VPN software to connect to the VPN first (Cisco has it).

So I'm clear, the remote user cannot log on to his own computer using his credentials, but he can with someone else's? Try having him log on as the other user, lock the computer, then unlock it using his new credentials (after connecting to the VPN).

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
On the initial Windows login screen, have the user place a check mark in the box "Log on using dial-up connection". After putting in his password and clicking OK, Windows will bring up a dialog box asking which network connection to use. There is a decent chance he should be able to select the VPN connection. Windows will use that connection (assuming it's successful) and act as if it is logging on at a LAN, and should update the cached credentials.
 