We have an issue
with our VPN concentrator. It seems that it allows some AD users to
authenticate, while others can not. We can find no pattern to explain why
the users that are able to authenticate are allowed to do so and why the users
that can't authenticate can not. An example is that I have two domain
admin acct's, one that is a Service acct. and one that belongs to me. I am
able to authenticate using the service acct. but not my own acct. They are
in the same OU, they have permissions to the same groups etc. The only
thing I see in the event logs upon an authentication failure is a generic
EventID 675 with Pre-authentication failed, with Failure Code 0x18, which
translates to a bad password, but I know this is not the case since I use my
admin account to logon to other resources etc.
Our network guys have been in contact with TAC and they don't seem to
have a clear answer either. They feel it it is something in our GPO.
The thing is our GPO settings are not rocket science. Right now we are
basically just enforcing complex passwords etc. and we're not doing much outside
of that. I was hoping that someone might have had these issues before
and could provide some insight.
Thanks,
-Tim