Trevor Local
asked on
pc behind PIX to PIX - domain password out of sync
hello-
I have a pc behind a PIX that has a dedicated VPN to another PIX at the corp site that has Exchange. The remote user changed the password- now his profile can't map a drive or get his Outlook email. Outlook asks for his password, but even the right one fails and locks out the account (after only one entry!). So I'm wondering if the VPN doesn't allow password changes or is it that the request is too slow and times out. ?
Other profiles on the same pc work just fine. But changing domain password didn't agree with this profile!
thanks in advance.
I have a pc behind a PIX that has a dedicated VPN to another PIX at the corp site that has Exchange. The remote user changed the password- now his profile can't map a drive or get his Outlook email. Outlook asks for his password, but even the right one fails and locks out the account (after only one entry!). So I'm wondering if the VPN doesn't allow password changes or is it that the request is too slow and times out. ?
Other profiles on the same pc work just fine. But changing domain password didn't agree with this profile!
thanks in advance.
ASKER
hi keith-
when trying to map a drive it asks for authentication. i can map it as myself or the other user, but not this user. not his old password or new password. and when i do put in his correct password, it locks out his account. that remote site is only about 5 miles away, and i could bring it back to the corp office to re-sync, but i'm just trying to figure out what the complication is.
so the remote users can't change their password across the vpn?
when trying to map a drive it asks for authentication. i can map it as myself or the other user, but not this user. not his old password or new password. and when i do put in his correct password, it locks out his account. that remote site is only about 5 miles away, and i could bring it back to the corp office to re-sync, but i'm just trying to figure out what the complication is.
so the remote users can't change their password across the vpn?
The it is likely that there are cached credentials on the work station. if this user logs onto a different workstation with his new username/password, does it work OK?
ASKER
haven't tried that- there's only one pc at that site.
but theoretically should they be able to change their password across the VPN? they log into the domain, not a workgroup. and they get their Exchange mail, have mapped drives etc.
i'm sure this will come up again, so I just want to figure out the "why"?
I was thinking about deleting the local bad profile (copy his data, put it back) and just starting him over.
but theoretically should they be able to change their password across the VPN? they log into the domain, not a workgroup. and they get their Exchange mail, have mapped drives etc.
i'm sure this will come up again, so I just want to figure out the "why"?
I was thinking about deleting the local bad profile (copy his data, put it back) and just starting him over.
That 'may' be the quickest way but would not solve the issue for the future of course. It 'would' however prove that the credentials have been cached.
ASKER
yeah- that's why i have hesitated on the profile rebuild. i'm sure it will solve it but i'm not sure why this has happened.
If it is locking after a 'single' try, then the problem is not most likely with the PIX but on the server side. Also as you can logon as other users and stuff works fine, the VPN tunnel is not the culprit.
Have you tried changing password for another user on this machine?
Cheers,
Rajesh
Have you tried changing password for another user on this machine?
Cheers,
Rajesh
ASKER
haven't tried that because I don't want the second user's profile to get corrupt or have the same problem.
i guess i can create a profile for myself as a test profile, to see if i can change my own password through the VPN.
i guess i can create a profile for myself as a test profile, to see if i can change my own password through the VPN.
Makes sense :) Good call
Very Well. Try that and you might get an idea. Once password is changed, then also check the Server Event Logs to take a look.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
i was going to delete the user's profile, but it won't let me. i'm a member of the admin group- i can delete the other user, but not this one. it's greyed out. tried as local admin, my domain admin profile, and even the other user. none of them will let me delete the faulty profile. is there a registry setting or something to change to let me delete it?
also, when i log in as me and try to map a drive, it tells me it can't find a domain controller. when i bring up my Outlook, it prompts me for my password- so i check "remember my password" - mail comes up, but then the same thing again once i close and reopen. i can map a drive using net use commands though.
i can ping the domain controller by machine name and ip address. and i have an entry for it in the hosts file.
also, when i log in as me and try to map a drive, it tells me it can't find a domain controller. when i bring up my Outlook, it prompts me for my password- so i check "remember my password" - mail comes up, but then the same thing again once i close and reopen. i can map a drive using net use commands though.
i can ping the domain controller by machine name and ip address. and i have an entry for it in the hosts file.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks keith-
i booted in safe mode, deleted his profile. but fragments remain. it still won't use his network password, but uses the cached one. but at least i can map his drives and get his outlook.
i'll call it successful!!
thanks for the input
i booted in safe mode, deleted his profile. but fragments remain. it still won't use his network password, but uses the cached one. but at least i can map his drives and get his outlook.
i'll call it successful!!
thanks for the input
Welcome
Regards
keith
Regards
keith
If the user tries to map a drive, is it asking for authentication or just failing?