Changing user password via VPN

Posted on 2006-10-20
Last Modified: 2011-08-18
When it comes time for users to change their domain passwords, all users on the LAN or connecting to it via
our WAN have no problems doing so. We have a dozen or more remote users. Those that connect via a VPN/
Firewall appliance that establishes a tunnel to our LAN usually have no problems either. However, a handful of users
connect to our LAN via VPN software that runs on their laptops. These users always have problems and have to
eventually come in to one of our locations connected via WAN or LAN to change the password on their laptops.
They all have entries in their hosts file for all of our servers. When they try to change their password (open the
Windows Security window and click on the "change password" button) it eventually times out with an error to
the effect that the domain controller is not available (even though they have established a VPN connection and
can ping the DC on our LAN). Is there any remedy for this situation?


Question by:ks157
LVL 18

Expert Comment

ID: 17776502
You say that they can ping the DC, but do they authenticate first before trying to change their password? Obviously, if their password has already expired they cannot do that, but let's just say the password has yet to expire in this case...

Author Comment

ID: 17776539
Would they "authenticate first" by logging off Windows with an active VPN connection and then logging back in?
LVL 18

Expert Comment

ID: 17776618
I know that the Cisco VPN client has an option to launch before they log in. In that case, yes, they would be authenticated. It also has the option to keep the VPNC connection established if you log off. So in that case, if you log on, connect via VPN, log off, then log back in, then yes, you would be authenticated. An easy way to authenticate would be to UNC to the DC...

\\DC01 <--- put that in the address bar in Internet Explorer and hit Enter; it will prompt you to authenticate if you aren't already (DC being the name of your domain controller)
Author Comment

ID: 17776706
We are using Netscreen with the Juniper Remote access client VPN software. I'll have to look around in it to see if it has
an option to keep the VPN connection established during logoff. I'll try the tip on putting in the UNC to the DC in IE (I feel
like I should break into the "Old McDonald had a farm" song :-) I will try this sometime tonight from home with my
laptop (I have already changed my password on my desktop on the LAN, but have not logged in while connected via
VPN to the domain from my laptop, so I still log into my laptop with my previous password).
LVL 18

Expert Comment

ID: 17776761
Let me know how that goes. I will be up running an offline defrag on some information stores anyway...

Author Comment

ID: 17776906
Will do. All the best with the defrags (I've done that a few times).

Author Comment

ID: 17777804
Here's what I found out. Using the UNC tip I was prompted to enter my username and password. That allowed me
to browse folders etc. on the DC. However, I tried changing my password and got the same "domain not available."
So, I had the bright idea to put a copy of an LMHOSTS file (I updated one I had deployed years ago to reflect the
new servers etc.) in my %windir%\system32\drivers\etc folder. I did an nbtstat -R, followed by an nbtstat -c (per
an article on MS support site). I then tried to change my password and it gave me an error message about the format
of the password (I really did not want to change my password again). So, I decided to try logging off Windows with
my VPN active and log back in using my new (changed a week ago on my desktop on the LAN) password (I tried this
before the LMHOSTS file and it did not work), and it worked! I am using the default Netbios/TCPIP setting for the
network adapter I use in my laptop at home, so I wonder if I changed it to Netbios over TCPIP if that would have
accomplished the same thing without having to use an LMHOSTS file? (I also had and still have the LMHOSTS file
lookup enabled in the WINS options for the network adapter).
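
An added example, not part of the original post and not the poster's actual file: the LMHOSTS steps described above, written as a PowerShell sketch that builds the entries for one domain controller with the standard `#PRE` and `#DOM` keywords and then reloads the NetBIOS name cache. `DC01` is the name used earlier in the thread; the IP address `192.0.2.10`, the domain name `CORP` and the function name `New-LmhostsDcEntry` are constructed placeholders.

```powershell
# Added example: build LMHOSTS entries for a domain controller and reload the
# NetBIOS name cache. DC01 comes from the thread; the IP address and the
# domain name CORP are constructed placeholders, as is the function name.

function New-LmhostsDcEntry {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Domain
    )
    # NetBIOS names hold 15 usable characters; the 16th byte is the service type.
    if ($Domain.Length -gt 15 -or $ComputerName.Length -gt 15) {
        throw "NetBIOS names are limited to 15 characters."
    }
    $ip = [System.Net.IPAddress]::Parse($IPAddress).ToString()   # throws on bad input

    # Domain name padded with spaces to 15 characters, then the 16th byte
    # written as \0x1b: exactly 20 characters inside the quotes.
    $quoted = $Domain.ToUpper().PadRight(15) + '\0x1b'

    # Line 1: the DC itself, preloaded and tagged as a controller for the domain.
    # Line 2: the domain's <1B> name, mapped to the same address.
    "{0}`t{1}`t#PRE #DOM:{2}" -f $ip, $ComputerName.ToUpper(), $Domain.ToUpper()
    "{0}`t`"{1}`"`t#PRE" -f $ip, $quoted
}

# The file is named "lmhosts" with no extension (lmhosts.sam is only the sample).
$lmhosts = Join-Path $env:windir 'System32\drivers\etc\lmhosts'
$lines   = New-LmhostsDcEntry -IPAddress '192.0.2.10' -ComputerName 'DC01' -Domain 'CORP'
$lines   # review the two lines before writing them

# Run from an elevated prompt. "Enable LMHOSTS lookup" must be ticked in the
# adapter's WINS options, as it was in the post above.
Add-Content -Path $lmhosts -Value $lines -Encoding Ascii
nbtstat -R    # purge the name cache and reload the #PRE entries
nbtstat -c    # list the cache; both entries should now appear
```

A static mapping keeps pointing at the listed address until the file is edited, so it has to be updated whenever a domain controller is renumbered or retired.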

Accepted Solution

Computer101 earned 0 total points
ID: 18016463
PAQed with points refunded (250)

EE Admin
