We had a major network issue where our secondary domain controller (responsible for Win2k3 boxes) died and had to be rebuilt (I beleive this is what happened, I am a developer not network admin).
Anyway, I am working remotely via VPN at the moment and since this happened, I am getting an authentication box when trying to access certain areas of SDL Tridion via IE (Tridion 2009 SP1 is IE only) it seems like somewhere my credentials are not being passed correctly or the ones cached on my laptop do not match the ones the Domain Controller has.
This only seems to affect Windows 2003 servers. Our IT support thinks that the only way to sort it out is to connect my laptop directly to the network. I am not planned to go to the office for a few weeks at least and this issue means I have to work with Tridion via Remote Desktop. We thought changing the password on my account might work but this didn’t help.
So basically my question is, is there any way I can reset my credential cache without having to reconnect to the network? Or is it IE that is causing the problem perhaps, since I can RDP to servers and use Tridion 2011 instances in other browsers fine?
I am on Windows 7 using SonicWall VPN client.
If you login over a VPN and the resulting network you are connected to has sight of your AD domain then your computer should synchronise properly. Assuming of course your computer is domain-joined and the VPN can deal with AD traffic.
Usual tricks to ‘synchronise’ the account is to connect to VPN, then lock and unlock the computer. This will reveal whether your account has expired, locked etc. Changing the password has the same effect.
Aside from that there is also an IE security setting that controls how logged-on credentials are passed to websites. It’s called “Automatic Logon with current username and password.” But there are implications for switching this on and you need to speak to your sys admins.
As an aside, there is no such thing (since NT4) as ‘secondary’ domain controllers. And specific domain controllers are not responsible for specific OS versions. If there is a specific DC that is generally responsible for a specific group of servers it will be due to AD sites, but if that DC fails those servers should still be able to authenticate across the WAN, if your network is setup properly.
- VPN access to a domain controller?
- things to check prior to moving all FSMO roles to a new domain controller before decommission original old domain controller
- Decommissioning Domain Controller in South America
- how to add domain controller from remote machine in AD
- What should I do if a domain controller/DNS/etc. machine is stolen?
Leave a comment
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address
- 100% packets dropped on first RX queue on 3/5 raid6 iSCSI NAS devices using intel igb (resolved)