Changing user password via VPN

Posted on 2006-10-20
Last Modified: 2011-08-18
When it comes time for users to change their domain passwords, all users on the LAN or connecting to it via
our WAN have no problems doing so. We have a dozen or more remote users. Those that connect via a VPN/
Firewall appliance that establishes a tunnel to our LAN usually have no problems too. However, a handful of users
connect to our LAN via VPN software that runs on their laptops. These users always have problems and have to
eventually come in to one of our locations connected via WAN or LAN to change the password on their laptops.
They all have entries in their hosts file for all of our servers. When they try to change their password (open the
Windows Security window and click on the "change password" button) it eventually times out with an error to
the effect that the domain controller is not available (even though they have established a VPN connection and
can ping the DC on our LAN). Is there any remedy for this situation?


Question by:ks157
  • 4
  • 3
LVL 18

Expert Comment

ID: 17776502
You say that they can ping the DC but do they authenticate first before trying to change their password? Obviously if their password has already expired they cannot do that but lets just say the password has yet to expire in this case...

Author Comment

ID: 17776539
Would they "authenticate first" by logging off Windows with an active VPN connection and then logging back in?
LVL 18

Expert Comment

ID: 17776618
I know that the Cisco VPN client has an option to launch before they login. In that case yes they would be authenticated. It also has the option to keep the keep the VPNC connection established if you logoff. So in that case if you logon, connect via VPN, logoff then log back in then yes you would be authenticated. Any easy way to authenticate would be to UNC to the DC...

\\DC01 <--- put that in the address bar in Internet Explorer and hit enter it will prompt you to authenticate if you aren't already (DC being the name of your domain controller)
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 17776706
We are using Netscreen with the Juniper Remote access client VPN software. I'll have to look around in it to see if it has
an option to keep the VPN connection established during logoff. I'll try the tip on putting in the UNC to the DC in IE (I feel
like I should break into the "Old McDonald had a farm" song :-) I will try this sometime tonight from home with my
laptop (I have already changed my password on my desktop on the LAN, but have not logged in while connected via
VPN to the domain from my laptop, so I still log into my laptop with my previous password).
LVL 18

Expert Comment

ID: 17776761
Let me know how that goes. I will be up running an offline defrag on some information stores anyway...

Author Comment

ID: 17776906
Will do. All the best with the defrags (I've done that a few times).

Author Comment

ID: 17777804
Here's what I found out. Using the UNC tip I was prompted to enter my username and password. That allowed me
to browse folders etc. on the DC. However, I tried changing my password and got the same "domain not available."
So, I had the bright idea to put a copy of an LMHOSTS file (I updated one I had deployed years ago to reflect the
new servers etc.) in my \%windir%\system32\drivers\etc folder. I did an nbtstat -R, followed by an nbtstat -c (per
an article on MS support site). I then tried to change my password and it gave me an error message about the format
of the password (I really did not want to change my password again). So, I decided to try logging off Windows with
my VPN active and log back in using my new (changed a week ago on my desktop on the LAN) password (I tried this
before the LMHOSTS file and it did not work), and it worked! I am using the default Netbios/TCPIP setting for the
network adapter I use in my laptop at home, so I wonder if I changed it to Netbios over TCPIP if that would have
accomplished the same thing without having to use an LMHOSTS file? (I also had and still have the LMHOSTS file
lookup enabled in the WINS options for the network adapter).

Accepted Solution

Computer101 earned 0 total points
ID: 18016463
PAQed with points refunded (250)

EE Admin

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Advertise subnet not directly attached 6 31
IPSec/L2TP 25 28
ASA DHCP setup 5 30
Monitor Bandwidth throughput in Fortigate 100D 1 24
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question