Results 1 to 8 of 8

Thread: Cisco VPN client software and Windows XP question

  1. #1
    Advanced Member crazyjw1971's Avatar
    Join Date
    Dec 2000
    Location
    Clinton MD, USA
    Posts
    759

    Cisco VPN client software and Windows XP question

    Greetings everyone...

    My job recently started using Cisco VPN software to allow our users log in to the network when off site (USDA, Riverdale MD). Were running into a slight situation with domain passwords. Let me explain...

    Customer gets a Work-At-Home (WAH) computer. We image it for him/her and log in with their current domain password. They take the computer home. After 45 days (I know thats quick right?), the customer is forced to change their domain password. Now the customer goes home and is forced to use their OLD domain password to get on the PC. They use their CURRENT domain password to get through the VPN and they are FORCED to enter their CURRENT domain password to access their network shares. The customer CANNOT change the domain password while at home because...

    1. If they use the OLD password in the OLD PASSWORD line, you get OLD PASSWORD INCORRECT errors.

    2. They cant use the current password in all lines. They will get the PASSWORDS ARE THE SAME error.

    3. They CANT change the password for 14 days (per security policy). Now maybe they can after the 14 day period, but isnt that a HUGE hassle to put the customer though?

    My question is...

    Has anyone had this problem? If so, what did you do to resolve it?
    U.S. Department of Agriculture I.T. Specialist
    Ducks, chickens, pigs, and mad cows need computers too!
    A+, Net+, MCDST

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,942
    Possibly change their local accounts on the WAH computers to match their new domain password...like, on that 45th day, when they change their domain password at the office...go home and change the local password to match?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Advanced Member crazyjw1971's Avatar
    Join Date
    Dec 2000
    Location
    Clinton MD, USA
    Posts
    759
    I've received some possible suggestions to get this situation resolved. If one of them works, I will let y'all know.
    U.S. Department of Agriculture I.T. Specialist
    Ducks, chickens, pigs, and mad cows need computers too!
    A+, Net+, MCDST

  4. #4
    Advanced Member crazyjw1971's Avatar
    Join Date
    Dec 2000
    Location
    Clinton MD, USA
    Posts
    759
    Originally posted by YeOldeStonecat
    Possibly change their local accounts on the WAH computers to match their new domain password...like, on that 45th day, when they change their domain password at the office...go home and change the local password to match?
    That sounds like a good idea except the powers-that-be here want all the PC's to log on to the domain. No local accounts except the local admin account.

    I did try to set the VPN client software to authenticate BEFORE allowing the user to log in. I also set it up to use third party dial-up software. All went OK until I noticed that the stupid dial-up software would not initialize. Sheeesh! Now I have to figure out why the dial-up software wont start. BTW... the dial-up software is from MCI (Access Manager).
    U.S. Department of Agriculture I.T. Specialist
    Ducks, chickens, pigs, and mad cows need computers too!
    A+, Net+, MCDST

  5. #5
    Advanced Member crazyjw1971's Avatar
    Join Date
    Dec 2000
    Location
    Clinton MD, USA
    Posts
    759
    TTT...

    Any ideas? Anyone?
    U.S. Department of Agriculture I.T. Specialist
    Ducks, chickens, pigs, and mad cows need computers too!
    A+, Net+, MCDST

  6. #6
    BrNz
    Guest
    Whenever dealing with MCI Access Manager - the answer seems to be:

    Remove and re-install.

    Why? The software is less then stellar.

    Also check to see if there were some previous corp dialer access types like AT&T or the older MCI access (forgot) but I know that this will completely mess up the Access manager.

    Good Luck

  7. #7
    Junior Member
    Join Date
    Apr 2005
    Posts
    1
    I just ran into the same problem. Users go home with company laptops and don't visit the office for some time. Their passwords expire on the domain, and they cannot VPN in until their password is changed.

    Have you found a resolution?

  8. #8
    Advanced Member crazyjw1971's Avatar
    Join Date
    Dec 2000
    Location
    Clinton MD, USA
    Posts
    759

    Yeah

    If they are on broadband, go into the options, log in properties, and select ENABLE START BEFORE WINDOWS LOGON and then restart. When the user hit CTRL+ALT+DEL, the Cisco VPN software will come up. Have them log in with their VPN password and authenticate. Then have then log into Windows. If their connection is up, it will authenticate their LAN password through the VPN to the domain controller. This works for me. It MIGHT work for you. I still havent figured out the MCI side. I will try it tomorrow and let you know.
    U.S. Department of Agriculture I.T. Specialist
    Ducks, chickens, pigs, and mad cows need computers too!
    A+, Net+, MCDST

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •