General discussion


User locked out of email but not VPN

By camijacks ·
What would cause a user to be locked out of email, but not VPN? We're not on Exchange server, we use IMAP and whenever we change LAN passwords, the users must change passwords in other locations. How is it that he was able to connect to VPN, but be locked out of email? Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Couple of possibilities

by robo_dev In reply to User locked out of email ...

The first possibility is that you are not using Active Directory for VPN authentication, but I assume that you are. If you were using something like RSA SecurID, then a user could be locked in AD, yet still connect.

The second possibility is simply that there is a timing issue and/or the VPN device is doing strange things.

I've seen this happen even on a local domain controller, since the user can often logon to the local PC, yet their AD account is locked.

Also, some VPN devices interact with AD fairly leisurely, so there might be some cacheing of credentials happening at the VPN device. Some devices do a periodic synchronization with AD, so the VPN just missed the user lockout event.

Collapse -


by camijacks In reply to Couple of possibilities

Great...thanks for your insight!

Related Discussions

Related Forums