Not
sure if this helps but:
John Parker, MCSE
IS Admin.
Senior Technical Specialist
Digital
Display Systems.
"Be excellent to each other"
---End of Line---
-----Original Message-----
From: Wright, T. MR [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 11:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Possibly OT: Cisco VPN and AD
From: Wright, T. MR [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 11:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Possibly OT: Cisco VPN and AD
We have an issue
with our VPN concentrator. It seems that it allows some AD users to
authenticate, while others can not. We can find no pattern to explain why
the users that are able to authenticate are allowed to do so and why the users
that can't authenticate can not. An example is that I have two domain
admin acct's, one that is a Service acct. and one that belongs to me. I am
able to authenticate using the service acct. but not my own acct. They are
in the same OU, they have permissions to the same groups etc. The only
thing I see in the event logs upon an authentication failure is a generic
EventID 675 with Pre-authentication failed, with Failure Code 0x18, which
translates to a bad password, but I know this is not the case since I use my
admin account to logon to other resources etc.
Our network guys have been in contact with TAC and they don't seem to
have a clear answer either. They feel it it is something in our GPO.
The thing is our GPO settings are not rocket science. Right now we are
basically just enforcing complex passwords etc. and we're not doing much outside
of that. I was hoping that someone might have had these issues before
and could provide some insight.
Thanks,
-Tim
