No on that as well - it was working until she tried to change her
password back to what it was after a (normal) password change at her
laptop.  Remember, her login (and ONLY hers) is broken no matter where
she logs in, from any machine.  The problem is client software
independent.

Steve Egan (temp)
Systems/Network Engineer

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Pogran
Sent: Friday, January 19, 2007 4:29 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cisco VPN user authentication problem

Have you considered token size? I've had trouble with Cisco router
firmware that is older dropping UDP packet sizes it didn't like with
accounts whose token is large. Believe Deji has some good blog posts
about it. If that is the case, a router firmware upgrade should help.
Is it a win2k or win2k3 domain?

James

On 1/19/07, Al Garrett <[EMAIL PROTECTED]> wrote:
> I just realized my response was misleading.
>
>
>
> I deleted and recreated the VPN Connection Profile within the Cisco VPN
> Client....NOT the user's computer profile under Documents and Settings.
>
>
>
> Al
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett
> Sent: Friday, January 19, 2007 3:10 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Cisco VPN user authentication problem
>
>
>
> I had similar issues and solved them by recreating the Profile on the
> laptop.
>
> Same settings, just created an identical Profile. Almost like the
> corruption was in the profile itself.
>
>
>
> Al
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Egan
> (Temp)
> Sent: Friday, January 19, 2007 3:06 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Cisco VPN user authentication problem
>
>
>
> Did that.  It was the first thing I looked at, having had experience
> with RADIUS before.  I created a user on the 3000, and it worked fine.
>
>
>
> BTW, we use the Kerberos/Active Directory authentication.  But you knew
> that...
>
>
>
> Steve Egan (temp)
>
> Systems/Network Engineer
>
> ________________________________
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, January 19, 2007 3:00 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Cisco VPN user authentication problem
>
>
>
>
> Steve;
>
> Just for kicks. Could you create a local account for testing? This would
> bypass any RADIUS/TAC+ problems and confirm the VPN client isn't at
> fault. Also, Cisco released a new client about a week ago. Don't ask, my
> laptop is stored for the weekend. Something like 4.88888888881720344-1
> or some such.
>
> Anyhow, it sounds like a RADIUS problem within the server but check with
> a local account on the 3000 just to eliminate what should be obvious.
>
>
>
> Brent Eads
> Employee Technology Solutions, Inc.
>
> Office: (312) 762-9224
> Fax:     (312) 762-9275
>
>
> "Steve Egan \(Temp\)" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 01/19/2007 04:39 PM
> Please respond to: ActiveDir@mail.activedir.org
> To: <ActiveDir@mail.activedir.org>
> cc:
> Subject: [ActiveDir] Cisco VPN user authentication problem
>
> Greetings, Brain Trust:
>
> I've been troubleshooting a VPN access problem for about two days now
> and have almost scratched a groove in my head - this one's a puzzler.
>
> My boss has an IBM Lenovo T60 laptop that has the Cisco VPN client
> software loaded into it.  It was working just fine up until the third
> week of December, allowing her to use Dialup to get into our HQ domain
> from her house.  When the logins failed, I thought it was due to crappy
> dialup connection, since noise in the link will cause the VPN tunnel to
> go down.
>
> However, I just got her link at her house to go on wireless, and it
> works just spiffy (11M up/down), and she still can't log on to the
> domain with the VPN software.  The connection works just fine, she can
> browse with no problem.  OWA works just fine.
>
> Here's some of the troubleshooting I've done:
>
> 1) Reloaded the VPN software.
> 2) Tried to have her log on from another machine.
> 3) Changed the Group authentication (made a new one) just for her.
>
>
> Nothing seems to work.  She logs in to the domain normally from her desk
> at work using either the wireless in the laptop, or via the Ethernet
> connection.  Anybody else can use her laptop to get in via the VPN, so
> it's not the drivers or hardware.  Her problem is replicated from
> ANYBODY's laptop utilizing the VPN software.  It's got to be her
> account, which is why I think it's something screwed up in AD.
>
> When I monitor her attempts to log into the VPN concentrator (a Cisco
> 3000), sometimes it says the IKE isn't working, sometimes it says
> there's no domain ("domain = {not specified}"), sometimes it never talks
> to the 3000 at all (according to the log and the way it comes right back
> with the username/password request).
>
> Want to get even more confused?  This problem started when she attempted
> to change her password back to what it was - she went through the AD
> administration on the primary AD box and got some kind of error.  Ever
> since then, things just ain't the same.  I think something got scrambled
> in her account.  We tried disabling her account for 5 minutes and then
> re-enabling, but nothing's worked.
>
> Where should I look to see if something's amiss?  I'm kinda stumped.
>
> Steve Egan
> Systems/Network Engineer
>
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx