Solved

Changing user password via VPN

Posted on 2006-10-20
Last Modified: 2011-08-18
When it comes time for users to change their domain passwords, all users on the LAN or connecting to it via our WAN have no problems doing so. We have a dozen or more remote users. Those that connect via a VPN/Firewall appliance that establishes a tunnel to our LAN usually have no problems too. However, a handful of users connect to our LAN via VPN software that runs on their laptops. These users always have problems and have to eventually come in to one of our locations connected via WAN or LAN to change the password on their laptops. They all have entries in their hosts file for all of our servers. When they try to change their password (open the Windows Security window and click on the "change password" button) it eventually times out with an error to the effect that the domain controller is not available (even though they have established a VPN connection and can ping the DC on our LAN). Is there any remedy for this situation?

Thanks,

Kevin
Question by:ks157

Expert Comment

by:simsjrg
You say that they can ping the DC, but do they authenticate first before trying to change their password? Obviously if their password has already expired they cannot do that, but let's just say the password has yet to expire in this case...

Author Comment

by:ks157
Would they "authenticate first" by logging off Windows with an active VPN connection and then logging back in?

Expert Comment

by:simsjrg
I know that the Cisco VPN client has an option to launch before they log in. In that case, yes, they would be authenticated. It also has the option to keep the VPNC connection established if you log off. So in that case, if you log on, connect via VPN, log off, then log back in, then yes, you would be authenticated. An easy way to authenticate would be to UNC to the DC...

\\DC01 <--- put that in the address bar in Internet Explorer and hit Enter; it will prompt you to authenticate if you aren't already (DC being the name of your domain controller)

Author Comment

by:ks157
We are using Netscreen with the Juniper Remote access client VPN software. I'll have to look around in it to see if it has an option to keep the VPN connection established during logoff. I'll try the tip on putting in the UNC to the DC in IE (I feel like I should break into the "Old McDonald had a farm" song :-)). I will try this sometime tonight from home with my laptop (I have already changed my password on my desktop on the LAN, but have not logged in while connected via VPN to the domain from my laptop, so I still log into my laptop with my previous password).


Expert Comment

by:simsjrg
Let me know how that goes. I will be up running an offline defrag on some information stores anyway...

Author Comment

by:ks157
Will do. All the best with the defrags (I've done that a few times).

Author Comment

by:ks157
Here's what I found out. Using the UNC tip I was prompted to enter my username and password. That allowed me to browse folders etc. on the DC. However, I tried changing my password and got the same "domain not available." So, I had the bright idea to put a copy of an LMHOSTS file (I updated one I had deployed years ago to reflect the new servers etc.) in my %windir%\system32\drivers\etc folder. I did an nbtstat -R, followed by an nbtstat -c (per an article on MS support site). I then tried to change my password and it gave me an error message about the format of the password (I really did not want to change my password again). So, I decided to try logging off Windows with my VPN active and log back in using my new (changed a week ago on my desktop on the LAN) password (I tried this before the LMHOSTS file and it did not work), and it worked! I am using the default NetBIOS/TCPIP setting for the network adapter I use in my laptop at home, so I wonder if I changed it to NetBIOS over TCPIP if that would have accomplished the same thing without having to use an LMHOSTS file? (I also had and still have the LMHOSTS file lookup enabled in the WINS options for the network adapter).
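
The LMHOSTS step described in the post above, as an added example that is not part of the thread and not the poster's own file: a PowerShell helper that emits the two entries commonly used so a client can locate a domain controller by NetBIOS name. The domain name CORP and the address 192.0.2.10 are constructed placeholders, and the function name is hypothetical; DC01 is the name used earlier in the thread.

```powershell
# Added example: build LMHOSTS lines for one domain controller.
# Constructed values: domain CORP, address 192.0.2.10. DC01 comes from the thread.

function New-LmhostsDcEntry {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] [string] $DcName,
        [Parameter(Mandatory)] [string] $Domain
    )

    # A NetBIOS name is at most 15 characters; the 16th byte is the service type.
    foreach ($name in $DcName, $Domain) {
        if ($name.Length -gt 15) {
            throw "NetBIOS name '$name' is longer than 15 characters"
        }
    }
    [void][System.Net.IPAddress]::Parse($IPAddress)   # throws if the address is malformed

    # Entry 1: preload the DC's own name and tag it as a DC for the domain.
    # Entry 2: the domain's <1B> (PDC / domain master browser) name. The domain
    #          name is padded with spaces to exactly 15 characters before \0x1b,
    #          and the whole name is quoted so the padding survives.
    $padded = $Domain.ToUpper().PadRight(15)
    @(
        "{0}`t{1}`t#PRE`t#DOM:{2}" -f $IPAddress, $DcName.ToUpper(), $Domain.ToUpper()
        "{0}`t`"{1}\0x1b`"`t#PRE"  -f $IPAddress, $padded
    )
}

$lines = New-LmhostsDcEntry -IPAddress '192.0.2.10' -DcName 'DC01' -Domain 'CORP'
$lines   # review the output before adding it to the file

# To append from an elevated prompt (the file is named lmhosts, with no extension):
# Add-Content -Path "$env:windir\system32\drivers\etc\lmhosts" -Value $lines -Encoding Ascii

# Reload the #PRE entries and list the name cache, the two commands used in the post:
nbtstat -R
nbtstat -c
```

Entries marked #PRE are loaded into the NetBIOS name cache, so the file should stay writable only by administrators and be updated when a domain controller is renumbered or retired.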

Accepted Solution

by:
Computer101 earned 0 total points
PAQed with points refunded (250)

Computer101
EE Admin