Re: Cached credentials, VPN connection, authentication failed.

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 11/05/04


Date: Fri, 5 Nov 2004 10:08:54 -0500

Replied in another group.
Dirk wrote:
> Hi,
>
>
>
> Client: Windows XP Pro SP2
>
> Server: Windows 2000 Server SP4 (DC, AD)
>
>
>
> I logon to my laptop with cached domain credentials (Event ID: 5719,
> Source: Netlogon). I start a VPN connection to my corporate network
> with a Cisco VPN client. I can ping our servers,...
>
>
>
> When I want to make a connection to a server share \\192.168.0.3\data
> i see a window asking my domain credentials. I give these credentials:
> DOMAIN\Username and the password (same as the cached domain
> credentials). I receive an error message that: "this account is the
> same as the one logged on to the system and that this account was
> tried before to logon. There is no domain controller available to
> validate this account."
>
>
>
> At the same time i see these errors in the system log of the Windows
> XP client:
>
> Event ID: 40960, Source: LSASRV, Category: SPNEGO (Negotiator)
>
> Event ID: 40961, Source: LSASRV, Category: SPNEGO (Negotiator)
>
>
>
> When i use other credentials to logon to this share
> (DOMAIN\AnotherUsername and the password - NOT the same credentials
> as the cached domain credentials) there is no problem. I don't see
> any messages in the event log.
>
>
>
> When i logon to this laptop with a local account (no cached domain
> credentials), start the VPN connection and make a connection to
> \\192.168.0.3\data with DOMAIN\Username i don't have any problem
> either.
>
>
>
> It seems that the problem is that the logon process only wants to
> validate my account only one time. At start-up the domain controller
> is not yet available and thus the system is using the cashed domain
> credentials. When my domain controller is available (vpn is active)
> the system doesn't want to validate my account anymore....
>
>
>
> Does anyone have an idea?
>
> Thanks in advance!
>
>
>
> Dirk



Relevant Pages

  • Re: cached credentials, vpn, failed authentication
    ... I start a VPN connection to my corporate network ... > i see a window asking my domain credentials. ... > same as the one logged on to the system and that this account was ... > At the same time i see these errors in the system log of the Windows ...
    (microsoft.public.windowsxp.network_web)
  • Cannot connect to 2000 file shares via VPN
    ... I start a VPN connection to my corporate network. ... file server and Outlook connects to the Exchange server. ... a window asking my domain credentials. ... on to the system and that this account was tried before to logon. ...
    (microsoft.public.win2000.networking)
  • RE: cashed domain credentials, vpn, authentication failed
    ... > Client: Windows XP Pro SP2 ... > a window asking my domain credentials. ... > on to the system and that this account was tried before to logon. ... > At the same time i see these errors in the system log of the Windows XP ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Question on Account Lockout - Urgent
    ... Now a days there is a huge increase in the number of account lockout calls that the helpdesk is recieving. ... Article says Many programs cache credentials or keep active threads that retain the credentials after a user changes their password. ... Every time that the user logs off the network, logs on to the network, or restarts the computer, the authentication attempt fails when Windows attempts to restore the connection because there are no stored credentials. ...
    (microsoft.public.win2000.active_directory)
  • Re: Account Lockout
    ... what account lockout settings you're using on your domains? ... You don't need to worry about the cached credentials I mentioned earlier ... which is a feature of Windows XP and Windows Server ...
    (microsoft.public.win2000.security)