• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

VPN users not authenticating

We lost a domain controller last week which caused us lots of problems but most of them are now resolved except we have a number of users who connect via VPN who cannot access any file shares on the servers.

When they try to connect to a share, it prompts for a username and password with a message to say "The system detected a possible attempt to compromise security.  Please ensure that you can contact the server that authenticated you"

I suspect the problem relates to the subnet that the VPN users are coming from as when the user plugs directly into the LAN, the computer works perfectly, but I can't prove my theory as neither the client nor the server log any errors that I can see.

The domain controller that went down also served as a DNS server and I'm not sure that is working correctly but any suggestions for troubleshooting this problem greatly received!

Many thanks
1 Solution
SandeshdubeySenior Server EngineerCommented:
I would recommend to verify the health of DCs first by running dcdiag/q and repadmin /replsum.You mentioned on DC is removed,how was the demotion normal or forcefully?.If server was crashed have you performed metadata cleamup?

You need to point the VPN client DNS setting to online dns DC as this may be one of the cause.

Ensure that DNs/DC role is configured on all DCs.
cjohnson300Author Commented:
It was the dcdiag that pointed me to the problem.  The KDC service wasnt running on the DC on the LAN the VPN users were connecting to, hence the authentication/trust issues.  Restarting the service (changing from Disabled) cured the problem it seems.

When the machine was plugged into the LAN directly, it was able to contact a different DC at another site which is why it worked ok then.

Many thanks for your help
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now