Guest Zeffy
Posted December 12, 2007

Hey all,

We are running a Windows 2003 domain with Windows XP and some Vista clients, and we are experiencing an authentication problem with clients who use the SecureRemote client (NGX) from the Internet. Some of the remote computers are domain members and some are in a workgroup.

When we change the password of an AD username and the remote user tries to use CIFS, SMTP or any other network service which requires Kerberos or NTLM authentication, it fails. The user receives error messages in the event log, "No authentication protocol was available", and some other related authentication events.

This is sometimes caused by invalid cached credentials, because the computer at their home didn't do a successful logon after the password change, which eventually causes this to fail.

We generally solve this by regenerating the computer SID (disjoining and recreating the computer account) or cleaning reverse DNS records.

Now to the questions:

1. I guess there are other environments out there that are using a password change policy. What are you doing with remote domain members (which don't frequently connect to the LAN)? Do they have to bring their own computers in order to "sync" with the AD?
2. Is there any link/post you might know related to this issue?

Much thanks.

--
Unshared knowledge is lost knowledge, and lost knowledge is wasted capital.
Don't forget to vote :-)