Re: Cached Credentials causing problems with shares?



On Jun 18, 10:11 am, AJ <A...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
This has been happening on multiple accounts. The only workaround is to
log on to the machine locally and then connect to the shares over the VPN. It
is almost like the cached credentials are interfering in some way.



"Paul Bergson [MVP-DS]" wrote:
Is it only one account this happens with or any account?

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.

"AJ" <A...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ADCFBF5E-6180-4F72-A72E-33A40E293647@xxxxxxxxxxxxxxxx
We are only using the cached credentials to log on to the computer away from
the office. But I'm trying to access the shares while connected to a VPN and
it gives that error. It works if you use a username other than the one logged
on using cached credentials so it can contact the domain controllers.

"Paul Bergson [MVP-DS]" wrote:

Also note, cached credentials only log you in locally; they don't extend
beyond, so you will always have to enter a user ID and password once you
attempt to gain access to any object beyond your local machine.


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6627d9b8cbbdfc982102e1@xxxxxxxxxxxxxxxxxxxxxxx
Hello AJ,

Please post an unedited ipconfig /all from the DC/DNS and the problem
machine, so we can exclude DNS as an issue. Also run netdiag /test:dns and
dcdiag /v /c /e

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I've never had issues with cached credentials connecting to shares in
the past. Recently something has changed and I'm getting some weird
messages. This is the error I'm getting in event viewer when trying to
connect to shares.

The Security System detected an attempted downgrade attack for server
cifs/gss-dc3.  The failure code from authentication protocol Kerberos was
"There are currently no logon servers available to service the logon request.
(0xc000005e)".

The main problem is with the cached credentials when trying to connect
to a share it will error out with this error:

"Logon Unsuccessful: The user name you typed is the same as the user
name you logged in with. That user name has already been tried. A
domain controller cannot be found to verify that user name."

If I try to map the drive with another domain user it works fine so it
does have a connection with the DC. It is almost as if there is some
Kerberos problem.

I think it is a Kerb problem. Cached credentials don't do anything to
renew/request Kerb tickets since when you log on disconnected there is
no connection to the KDC. For some reason, it sounds like the tickets
are also not getting issued/refreshed when you VPN back to the
network. The first thing I would try is to play around with kerbtray/klist
and see if the ticket fetch is working over the VPN. Before you
delete the existing tickets and try to get new ones, I would note
whether they are indeed expired or not.

HTH,
Dave
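
The check suggested in the reply above (record which cached tickets have expired before deleting them) as an added PowerShell example; it is not part of the original thread. It assumes the output layout of the built-in klist.exe in Windows Vista/Server 2008 and later ("Server:" and "End Time: ... (local)" lines); the function name, the user and realm names, and the sample text are constructed for illustration.

```powershell
# Added example: flag expired Kerberos tickets in klist output before purging.
# Get-KerbTicketStatus is a hypothetical helper, not a Windows cmdlet.
function Get-KerbTicketStatus {
    param(
        [string[]]$KlistOutput,                                # lines of klist output
        [datetime]$Now = (Get-Date),                           # reference time
        [cultureinfo]$Culture = [cultureinfo]::CurrentCulture  # klist prints local date format
    )
    $server = $null
    foreach ($line in $KlistOutput) {
        if ($line -match '^\s*Server:\s*(\S+)') {
            $server = $Matches[1]              # SPN the ticket was issued for
        }
        elseif ($line -match '^\s*End Time:\s*(.+?)\s*\(local\)' -and $server) {
            $end = [datetime]::Parse($Matches[1], $Culture)
            [pscustomobject]@{
                Server  = $server
                EndTime = $end
                Expired = ($end -lt $Now)
            }
            $server = $null                    # wait for the next ticket entry
        }
    }
}

# Constructed sample: tickets obtained in the office the day before, then the
# laptop was logged on with cached credentials and connected over the VPN.
$sample = @'
#0>     Client: user1 @ EXAMPLE.LOCAL
        Server: krbtgt/EXAMPLE.LOCAL @ EXAMPLE.LOCAL
        Start Time: 6/17/2008 8:02:11 (local)
        End Time:   6/17/2008 18:02:11 (local)
#1>     Client: user1 @ EXAMPLE.LOCAL
        Server: cifs/gss-dc3 @ EXAMPLE.LOCAL
        Start Time: 6/17/2008 8:05:40 (local)
        End Time:   6/17/2008 18:02:11 (local)
'@ -split '\r?\n'

Get-KerbTicketStatus -KlistOutput $sample -Now ([datetime]'2008-06-18 10:11') -Culture 'en-US' |
    Format-Table -AutoSize

# On a live client, record the state first, then purge and re-request over the VPN:
#   Get-KerbTicketStatus -KlistOutput (klist)
#   klist purge
#   klist get cifs/gss-dc3
```

If `klist get` fails over the VPN while name resolution works, the client is not reaching a KDC, which matches the 0xc000005e failure code in the event quoted above.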