Jeff:

 

Yep, thought of that too.  Also, her password has been changed and
changed back, disabled, re-enabled, folded, spindled, and mutilated.  So
far, nothing.  See why I'm getting prematurely grey??  Password is only
7 characters long, BTW.  The most it has been is 13 characters.

 

Steve Egan 

Systems/Network Engineer

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Friday, January 19, 2007 4:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cisco VPN user authentication problem

 

Steve - Check the Dial-in tab settings on the user's account in AD.
Depending on how your VPN3000 is authenticating, these settings may or
may not be checked. One other possibility - I vaguely remember having an
issue before we had our VPN3000s authenticate against Cisco ACS where
users with passwords longer than 14 characters could not authenticate.
If you shortened the password, it worked fine.

 

Jeff

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Egan
Sent: Friday, January 19, 2007 4:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cisco VPN user authentication problem

        Al:

         

        I knew what you meant, and that was the first thing I did,
thinking the client software got hammered somehow by some other
misbehaved software (or whatever).  No change.  Like I said, if somebody
else logs in from her machine, it's fine.  If she tries to log in from
another machine, it breaks.  Gotta be something in AD.

         

        Steve Egan (temp)

        Systems/Network Engineer

        
________________________________


        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett
        Sent: Friday, January 19, 2007 4:09 PM
        To: ActiveDir@mail.activedir.org
        Subject: RE: [ActiveDir] Cisco VPN user authentication problem

         

        I just realized my response was misleading.

         

        I deleted and recreated the VPN Connection Profile within the
Cisco VPN Client... NOT the user's computer profile under Documents and
Settings.

         

        Al

         

        -----Original Message-----
        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett
        Sent: Friday, January 19, 2007 3:10 PM
        To: ActiveDir@mail.activedir.org
        Subject: RE: [ActiveDir] Cisco VPN user authentication problem

         

        I had similar issues and solved them by recreating the Profile
on the laptop.

        Same settings, just created an identical Profile. Almost like
the corruption was in the profile itself.

         

        Al

         

        -----Original Message-----
        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Egan
(Temp)
        Sent: Friday, January 19, 2007 3:06 PM
        To: ActiveDir@mail.activedir.org
        Subject: RE: [ActiveDir] Cisco VPN user authentication problem

         

        Did that.  It was the first thing I looked at, having had
experience with RADIUS before.  I created a user on the 3000, and it
worked fine.

         

        BTW, we use the Kerberos/Active Directory authentication.  But
you knew that...

         

        Steve Egan (temp)

        Systems/Network Engineer

        
________________________________


        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
        Sent: Friday, January 19, 2007 3:00 PM
        To: ActiveDir@mail.activedir.org
        Subject: Re: [ActiveDir] Cisco VPN user authentication problem

         

        
        Steve; 
        
        Just for kicks. Could you create a local account for testing?
This would bypass any RADIUS/TAC+ problems and confirm the VPN client
isn't at fault. Also, Cisco released a new client about a week ago.
Don't ask, my laptop is stored for the weekend. Something like
4.88888888881720344-1 or some such. 
        
        Anyhow, it sounds like a RADIUS problem within the server but
check with a local account on the 3000 just to eliminate what should be
obvious. 
        
        
        
        Brent Eads
        Employee Technology Solutions, Inc.
        
        Office: (312) 762-9224
        Fax:     (312) 762-9275
        
        

"Steve Egan \(Temp\)" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
Date: 01/19/2007 04:39 PM
Please respond to: ActiveDir@mail.activedir.org
To: <ActiveDir@mail.activedir.org>
Subject: [ActiveDir] Cisco VPN user authentication problem


        
        
        
        Greetings, Brain Trust: 
          
        I've been troubleshooting a VPN access problem for about two
days now and have almost scratched a groove in my head - this one's a
puzzler. 
          
        My boss has an IBM Lenovo T60 laptop that has the Cisco VPN
client software loaded into it.  It was working just fine up until the
third week of December, allowing her to use Dialup to get into our HQ
domain from her house.  When the logins failed, I thought it was due to
a crappy dialup connection, since noise in the link will cause the VPN
tunnel to go down. 
          
        However, I just got her link at her house to go on wireless, and
it works just spiffy (11M up/down), and she still can't log on to the
domain with the VPN software.  The connection works just fine, she can
browse with no problem.  OWA works just fine. 
          
        Here's some of the troubleshooting I've done: 
          
        1) Reloaded the VPN software. 
        2) Tried to have her log on from another machine. 
        3) Changed the Group authentication (made a new one) just for her. 
          
        Nothing seems to work.  She logs in to the domain normally from
her desk at work using either the wireless in the laptop, or via the
Ethernet connection.  Anybody else can use her laptop to get in via the
VPN, so it's not the drivers or hardware.  Her problem is replicated
from ANYBODY's laptop utilizing the VPN software.  It's got to be her
account, which is why I think it's something screwed up in AD. 
          
        When I monitor her attempts to log into the VPN concentrator (a
Cisco 3000), sometimes it says the IKE isn't working, sometimes it says
there's no domain ("domain = {not specified}"), sometimes it never talks
to the 3000 at all (according to the log and the way it comes right back
with the username/password request). 
          
        Want to get even more confused?  This problem started when she
attempted to change her password back to what it was - she went through
the AD administration on the primary AD box and got some kind of error.
Ever since then, things just ain't the same.  I think something got
scrambled in her account.  We tried disabling her account for 5 minutes
and then re-enabling, but nothing's worked. 
          
        Where should I look to see if something's amiss?  I'm kinda
stumped. 
          
        Steve Egan 
        Systems/Network Engineer 
          
