pc behind PIX to PIX - domain password out of sync

Posted on 2006-04-27
Last Modified: 2013-11-16
hello-
I have a PC behind a PIX that has a dedicated VPN to another PIX at the corp site that has Exchange. The remote user changed the password; now his profile can't map a drive or get his Outlook email. Outlook asks for his password, but even the right one fails and locks out the account (after only one entry!). So I'm wondering if the VPN doesn't allow password changes or is it that the request is too slow and times out?
Other profiles on the same PC work just fine. But changing domain password didn't agree with this profile!

thanks in advance.
Question by:Trevor Local
14 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16577125
The VPN itself will not know about Windows password changes, as the PIX devices will be tunnelling the data. Also, if the fault was on the PIX/VPN, the fault would show on all users, not just this one profile.

If the user tries to map a drive, is it asking for authentication or just failing?
 

Author Comment

by:Trevor Local
ID: 16577968
Hi Keith-
When trying to map a drive it asks for authentication. I can map it as myself or the other user, but not this user. Not his old password or new password. And when I do put in his correct password, it locks out his account. That remote site is only about 5 miles away, and I could bring it back to the corp office to re-sync, but I'm just trying to figure out what the complication is.
So the remote users can't change their password across the VPN?
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16578048
Then it is likely that there are cached credentials on the workstation. If this user logs onto a different workstation with his new username/password, does it work OK?
 

Author Comment

by:Trevor Local
ID: 16580165
Haven't tried that; there's only one PC at that site.

But theoretically should they be able to change their password across the VPN? They log into the domain, not a workgroup. And they get their Exchange mail, have mapped drives etc.
I'm sure this will come up again, so I just want to figure out the "why".

I was thinking about deleting the local bad profile (copy his data, put it back) and just starting him over.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16580202
That 'may' be the quickest way but would not solve the issue for the future of course. It 'would' however prove that the credentials have been cached.
 

Author Comment

by:Trevor Local
ID: 16580233
Yeah, that's why I have hesitated on the profile rebuild. I'm sure it will solve it but I'm not sure why this has happened.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16589270
If it is locking after a 'single' try, then the problem is most likely not with the PIX but on the server side. Also, as you can log on as other users and stuff works fine, the VPN tunnel is not the culprit.

Have you tried changing the password for another user on this machine?

Cheers,
Rajesh
 

Author Comment

by:Trevor Local
ID: 16589834
Haven't tried that because I don't want the second user's profile to get corrupted or have the same problem.
I guess I can create a profile for myself as a test profile, to see if I can change my own password through the VPN.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16590076
Makes sense :)  Good call
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16592598
Very well. Try that and you might get an idea. Once the password is changed, then also check the Server Event Logs to take a look.

Cheers,
Rajesh
 

Author Comment

by:Trevor Local
ID: 16650514
I was going to delete the user's profile, but it won't let me. I'm a member of the admin group; I can delete the other user, but not this one. It's greyed out. Tried as local admin, my domain admin profile, and even the other user. None of them will let me delete the faulty profile. Is there a registry setting or something to change to let me delete it?

Also, when I log in as me and try to map a drive, it tells me it can't find a domain controller. When I bring up my Outlook, it prompts me for my password, so I check "remember my password"; mail comes up, but then the same thing again once I close and reopen. I can map a drive using net use commands though.

I can ping the domain controller by machine name and IP address. And I have an entry for it in the hosts file.
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16651338
Delmar, to be blunt, your quickest option may be to just blat this machine.
 

Author Comment

by:Trevor Local
ID: 16651984
Thanks Keith-
I booted in safe mode, deleted his profile. But fragments remain. It still won't use his network password, but uses the cached one. But at least I can map his drives and get his Outlook.
I'll call it successful!!

Thanks for the input
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16652016
Welcome

Regards
Keith