
AD Auth Fails from Cisco VPN

By kevin.square ·
This is the same question as posted under Hardware, since it seems to be an AD authentication issue.
The DC is not logging anything in the Sec Event Log that looks related.

Cisco VPN Auth Fails Unspecified Handle
Hope someone can have fun with this.
Earlier I had a group of users who would get this 'unspecified handle' error when trying to connect. Using a different account on the same machine would work. Also, using the problem acct from another machine would not work.

Finally figured the only thing in common was a domain group they were in, so I deleted the group and they were good to go.

Now I have 2 domain accounts that get this same error. And I can't find anything in common between them.

So, on the VPN dialer, using acct1 gets the failure; try acct2 = auth OK. So it's not the machine.
On another machine the results are the same.

It's account related, but for the life of me I can't see it, and I get nothing of value from increasing the auth logging on the concentrator or searching for this 'unspecified handle'.

If you've got any ideas please respond.
Thanks


by BFilmFan In reply to AD Auth Fails from Cisco ...

Is the AD account that is having an issue showing as locked out?

Is the workstation security log showing any events?

What happens if you reset the user's AD account?

You said you removed them from a security group and they worked. What happens if you create a new user account with just domain users permissions? Does the account authenticate successfully?

What authentication are you using to the DC via the Cisco concentrator?


by kevin.square In reply to

Solution for now. In the original post I said there was an earlier issue where all users turned out to be in the same AD group. And so it is again. I should have checked this of course, but didn't think they could have any groups in common.
Removing them from the group they had in common resolved the VPN auth issue.
Also tested by: test user OK for VPN auth. Added to this group, VPN auth failed. Removed from group, VPN auth OK.

Kevin
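
The comparison described in the post above (find the group the failing accounts share and the working accounts lack) can be scripted. This is an added example, not part of the original thread: the account names are placeholders, it assumes the RSAT ActiveDirectory module, and it goes beyond direct membership by also following nested groups.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$failing = @('acct1', 'acct3')   # placeholders: accounts that fail VPN auth
$working = @('acct2')            # placeholders: accounts that authenticate

function Get-TransitiveGroup {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroup
    # Escape characters that are special inside an LDAP filter value.
    $dn = $user.DistinguishedName.Replace('\', '\5c').Replace('(', '\28').
              Replace(')', '\29').Replace('*', '\2a')
    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) follows nesting,
    # so groups the user belongs to only through another group are included.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
                Select-Object -ExpandProperty DistinguishedName)
    # The primary group is not stored in 'member', so add it explicitly.
    if ($user.PrimaryGroup) { $groups += $user.PrimaryGroup }
    $groups | Sort-Object -Unique
}

# Count how many failing accounts hold each group.
$count = @{}
foreach ($acct in $failing) {
    foreach ($g in Get-TransitiveGroup $acct) { $count[$g] = 1 + $count[$g] }
}

# Groups held by every failing account...
$common = @($count.Keys | Where-Object { $count[$_] -eq $failing.Count })

# ...minus groups that a working account also holds.
$okGroups = @(foreach ($acct in $working) { Get-TransitiveGroup $acct })
$suspects = @($common | Where-Object { $okGroups -notcontains $_ })

# Show the candidates to test by adding or removing a test user.
$suspects | ForEach-Object { Get-ADGroup -Identity $_ } |
    Select-Object Name, GroupScope, GroupCategory, DistinguishedName
```

An empty result means the failing accounts share no group that the working accounts lack, so the cause would have to be sought elsewhere.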


by kevin.square In reply to AD Auth Fails from Cisco ...

AD account is not locked out. There are 2 users with the same issue at the moment. User connects fine internally.

Logging on the WS: I will check, but don't think so. User is logged in to the machine but enters ID and password separately on the VPN dialer.

Earlier we tried changing one of their passwords but it didn't help. Possibly I can delete and re-create one of them.

Only one of these users was in the original group that had an issue. The other doesn't look to have any group or other similarities. They are even in different Site OUs.

Kerberos for Concentrator to AD auth. I could email you the syslog from the concentrator if you want.

BFilmFan, thanks for quick reply.
Kevin


by kevin.square In reply to AD Auth Fails from Cisco ...

This question was closed by the author
