Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Changing user password via VPN

Posted on 2006-10-20
Medium Priority
Last Modified: 2011-08-18
When it comes time for users to change their domain passwords, all users on the LAN or connecting to it via
our WAN have no problems doing so. We have a dozen or more remote users. Those that connect via a VPN/
Firewall appliance that establishes a tunnel to our LAN usually have no problems too. However, a handful of users
connect to our LAN via VPN software that runs on their laptops. These users always have problems and have to
eventually come in to one of our locations connected via WAN or LAN to change the password on their laptops.
They all have entries in their hosts file for all of our servers. When they try to change their password (open the
Windows Security window and click on the "change password" button) it eventually times out with an error to
the effect that the domain controller is not available (even though they have established a VPN connection and
can ping the DC on our LAN). Is there any remedy for this situation?


Question by:ks157
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 18

Expert Comment

ID: 17776502
You say that they can ping the DC but do they authenticate first before trying to change their password? Obviously if their password has already expired they cannot do that but lets just say the password has yet to expire in this case...

Author Comment

ID: 17776539
Would they "authenticate first" by logging off Windows with an active VPN connection and then logging back in?
LVL 18

Expert Comment

ID: 17776618
I know that the Cisco VPN client has an option to launch before they login. In that case yes they would be authenticated. It also has the option to keep the keep the VPNC connection established if you logoff. So in that case if you logon, connect via VPN, logoff then log back in then yes you would be authenticated. Any easy way to authenticate would be to UNC to the DC...

\\DC01 <--- put that in the address bar in Internet Explorer and hit enter it will prompt you to authenticate if you aren't already (DC being the name of your domain controller)
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!


Author Comment

ID: 17776706
We are using Netscreen with the Juniper Remote access client VPN software. I'll have to look around in it to see if it has
an option to keep the VPN connection established during logoff. I'll try the tip on putting in the UNC to the DC in IE (I feel
like I should break into the "Old McDonald had a farm" song :-) I will try this sometime tonight from home with my
laptop (I have already changed my password on my desktop on the LAN, but have not logged in while connected via
VPN to the domain from my laptop, so I still log into my laptop with my previous password).
LVL 18

Expert Comment

ID: 17776761
Let me know how that goes. I will be up running an offline defrag on some information stores anyway...

Author Comment

ID: 17776906
Will do. All the best with the defrags (I've done that a few times).

Author Comment

ID: 17777804
Here's what I found out. Using the UNC tip I was prompted to enter my username and password. That allowed me
to browse folders etc. on the DC. However, I tried changing my password and got the same "domain not available."
So, I had the bright idea to put a copy of an LMHOSTS file (I updated one I had deployed years ago to reflect the
new servers etc.) in my \%windir%\system32\drivers\etc folder. I did an nbtstat -R, followed by an nbtstat -c (per
an article on MS support site). I then tried to change my password and it gave me an error message about the format
of the password (I really did not want to change my password again). So, I decided to try logging off Windows with
my VPN active and log back in using my new (changed a week ago on my desktop on the LAN) password (I tried this
before the LMHOSTS file and it did not work), and it worked! I am using the default Netbios/TCPIP setting for the
network adapter I use in my laptop at home, so I wonder if I changed it to Netbios over TCPIP if that would have
accomplished the same thing without having to use an LMHOSTS file? (I also had and still have the LMHOSTS file
lookup enabled in the WINS options for the network adapter).

Accepted Solution

Computer101 earned 0 total points
ID: 18016463
PAQed with points refunded (250)

EE Admin

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question