RE: cashed domain credentials, vpn, authentication failed

From: Steve (Steve_at_discussions.microsoft.com)
Date: 11/04/04 

Date: Thu, 4 Nov 2004 12:44:05 -0800

Are you running active directory?
If so, sounds like the computer is not set up properly in the domain.

"Dirk" wrote:

> Hi,
>
>
>
> Client: Windows XP Pro SP2
>
> Server: Windows 2000 Server SP4 (DC, AD)
>
>
>
> I logon to my laptop with cached domain credentials (Event ID: 5719, Source:
> Netlogon). I start a VPN connection to my corporate network with a Cisco VPN
> client. I can ping our servers,...
>
>
>
> When I want to make a connection to a server share \\192.168.0.3\data i see
> a window asking my domain credentials. I give these credentials:
> DOMAIN\Username and the password (same as the cached domain credentials). I
> receive an error message that: "this account is the same as the one logged
> on to the system and that this account was tried before to logon. There is
> no domain controller available to validate this account."
>
>
>
> At the same time i see these errors in the system log of the Windows XP
> client:
>
> Event ID: 40960, Source: LSASRV, Category: SPNEGO (Negotiator)
>
> Event ID: 40961, Source: LSASRV, Category: SPNEGO (Negotiator)
>
>
>
> When i use other credentials to logon to this share (DOMAIN\AnotherUsername
> and the password - NOT the same credentials as the cached domain
> credentials) there is no problem. I don't see any messages in the event log.
>
>
>
> When i logon to this laptop with a local account (no cached domain
> credentials), start the VPN connection and make a connection to
> \\192.168.0.3\data with DOMAIN\Username i don't have any problem either.
>
>
>
> It seems that the problem is that the logon process only wants to validate
> my account only one time. At start-up the domain controller is not yet
> available and thus the system is using the cashed domain credentials. When
> my domain controller is available (vpn is active) the system doesn't want to
> validate my account anymore....
>
>
>
> Does anyone have an idea?
>
> Thanks in advance!
>
>
>
> Dirk
>
>
>

Relevant Pages

  • Re: Using EFS with Network Shares and SFU 3.5
    ... It does not take EFS into account. ... could again use the sharing server audit logs to see if success ... Read extended attribute and Read data, since the NFS client may ... Windows and *nix clients. ...
    (microsoft.public.windows.server.security)
  • Re: Problem with control hosted in IE
    ... The control is running on the client machine, so the default credentials are ... These will be the Windows logon from the ... > I logon to another machine using a local account (not one that the IIS ...
    (microsoft.public.dotnet.security)
  • Re: Using one Username to login to TS
    ... The client purchased TS Device CALs ... user account until we found the problem. ... The biggest problem with this setup is profile corruption. ... Computer Configuration - Administrative templates - Windows ...
    (microsoft.public.windows.terminal_services)
  • Re: sharing a printer on one pc for my home network
    ... The way around this is to have a Windows 2000 Server configured ... > the pc with the printer, and gave that account the same ... >>user that is currently logged on at the client. ... >>the server computer, the passwords will have to match ...
    (microsoft.public.win2000.printing)
  • RE: GROUP POLCIY PROBLEM
    ... > password than the client stored locally. ... > the easiest is usually just to remove and rejoin the computer account to the ... >> Windows cannot query for the list of Group Policy objects. ...
    (microsoft.public.windows.server.active_directory)