cached domain credentials, vpn, authentication failed

  • Thread starter Thread starter Dirk
  • Start date Start date
D

Dirk

Hi,



Client: Windows XP Pro SP2

Server: Windows 2000 Server SP4 (DC, AD)



I logon to my laptop with cached domain credentials (Event ID: 5719, Source:
Netlogon). I start a VPN connection to my corporate network with a Cisco VPN
client. I can ping our servers,...



When I want to make a connection to a server share \\192.168.0.3\data i see
a window asking my domain credentials. I give these credentials:
DOMAIN\Username and the password (same as the cached domain credentials). I
receive an error message that: "this account is the same as the one logged
on to the system and that this account was tried before to logon. There is
no domain controller available to validate this account."



At the same time i see these errors in the system log of the Windows XP
client:

Event ID: 40960, Source: LSASRV, Category: SPNEGO (Negotiator)

Event ID: 40961, Source: LSASRV, Category: SPNEGO (Negotiator)



When i use other credentials to logon to this share (DOMAIN\AnotherUsername
and the password - NOT the same credentials as the cached domain
credentials) there is no problem. I don't see any messages in the event log.



When i logon to this laptop with a local account (no cached domain
credentials), start the VPN connection and make a connection to
\\192.168.0.3\data with DOMAIN\Username i don't have any problem either.



It seems that the problem is that the logon process only wants to validate
my account only one time. At start-up the domain controller is not yet
available and thus the system is using the cashed domain credentials. When
my domain controller is available (vpn is active) the system doesn't want to
validate my account anymore....



Does anyone have an idea?

Thanks in advance!



Dirk
 
Mark L. Ferguson1 said:
Have you run AdAware? You may be seeing some variation on this
problem...

adaware error Unable to Log On To Windows XP After Removing
wsaupdater.exe:
http://www.lavasofthelp.com/articles/v6/04/06/0901.html

EventID.net is your friend in this case.

I found this site about 2 or 3 years ago.. and I could not of asked
for more place to find info... in 80% of the cases a problem that
appears in your event log will (or may be listed on this site).

Links for your 2 event id’s

http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
40960
http://www.eventid.net/display.asp?eventid=40961&eventno=1398&source=LsaSrv&phase=1
40961
 
Back
Top