Are they logging into a local account on their computer, or logging into their domain profile using cached credentials? We use the latter.
How are they authenticating for remote access? AD via SmartDirectory or FW-1 credentials?
If logging into a local account, is there any chance he/she has a mapped drive with an automatic logon set that has an old AD password in it?
Ray
From: Hal Dorsman <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Subject: [FW-1] VPN woes: user getting locked out of Exchange Date: Wed, 6 Apr 2005 11:31:22 -0600
We have a couple of dozen VPN users coming into a NG FP3 box. Everyone seems to work pretty well for the most part, except one user keeps getting locked out of Exchange 2000. Their Active Directory account shows the account is locked. They can always initially get authenticated just fine, can get email, can browse the network, but they leave their Outlook open for awhile and the account gets locked then they can't get back in. It seems as if Outlook keeps trying to reauthenticate but is sending over a corrupted password. We do not use SDL, figuring it seems easier and safer to have the user log on locally, get their VPN up when needed, then authenticate to network resources as needed. Works fine for everyone except this one guy. It is not a local network problem as it fails the same way for him when he is in other locations. His settings are the same as others, we have uninstalled and reinstalled SecureClient. Anyone see this behavior?
thanks
Hal
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
