Please help with Remote Access Problem!

From: JD Benton (JDBenton_at_discussions.microsoft.com)
Date: 11/23/05


Date: Wed, 23 Nov 2005 05:59:06 -0800

Hello All
I have already posted this in another group but don't seem to be getting a
hit and I am getting somewhat desperate for a solution.

I have a very strange problem that I am hoping someone here is able to
help me solve.
Our setup is like this:
1. Windows 2003 domain
2. Many remote users with IBM laptops or Fujitsu Stylistic Tablets
3. Checkpoint SecureClient VPN client software
4. RSA Ace server for VPN authentication
5. Scriptlogic 6.5.2 for mapping drives etc

The problem:
We have several users that authenticate to our network through a VPN
connection. These users have Checkpoint SecureClient installed on their
machines and are authenticated to an RSA Ace server that is a Member Server
in our domain. Once the user is logged on they run a batch file that maps
their network drives via a short-cut to the Slogic.bat file in the Netlogon
directory of our PDC Emulator. Now for most people this is not a problem but
for some laptop users and all Fujitsu Tablet users the process of trying to
run the login script takes anywhere from 30-60 minutes to complete. What
happens to the people having a problem is this:
1. User runs the short-cut to Slogic.bat
2. After about 7-15 minutes they are prompted for a username and password
3. If they type in their domain user name and password they get prompted
again after about 4-10 more minutes with a message saying "that
authentication has been previously tried and failed".
4. The user can then type in a username and password from a temporary
account I created to help resolve this problem. This account is just a
simple domain user.
5. After several more minutes the logon screen will appear but can take up
to 35-40 to complete
6. When complete, the user checks for their drives but none have mapped.

As you can imagine, they are not very happy after taking all of this time only
to find out things did not work.

If the same user logs onto the network with the same machine while they are
in the office, everything works very quickly and as it should.

I have looked in the trace file that Scriptlogic creates and this is an example
of the error message that I see:
08:44:58 Mapping drive G \\Server1\Graphics [SLP00001 1/30]
08:46:02 Error: Unable to map drive: 1265 The system detected a possible
attempt to compromise security. Please ensure that you can contact the server
that authenticated you.
OR
20:52:27 Error: Unable to map drive: 1326 Logon failure: unknown user name
or bad password.

I have been in contact with Scriptlogic and they tell me it is a Windows
authentication issue. I read one post where a person appeared to have a
somewhat similar issue to mine and they apparently resolved it by hard coding
the DNS address on the user machine to point to the DNS server in the
domain. I gave this a shot but did not have any success. This seems to be
an obvious case of authentication but for the life of me I am stumped.

Hopefully someone out there has run into the same problem that has been
dogging me for several months and is able to lend a hand.

Thank you to all that take the time to read this and especially those that
fire me off some suggestions.

JD Benton


