Okay, I need “rational” solutions to this issue.
I have several remote Windows 7 domain users that receive this message on logon:
“The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.” and it asks for username / password.
A little bit of setup:
150-ish in-house users, 50-ish remote users
User accounts have redirected docs / desk / etc… with offline file sync enabled.
Users have a Windows-based VPN that they can connect to in order to synchronize data and access server resources. The VPN cannot be used constantly because of bandwidth limitations. The VPN is set in split tunneling mode because of a dramatic performance loss caused by the bandwidth limitations.
What I understand is happening is that when the user logs on and the system tries to access the redirected documents / desktops / etc…, it tries to authenticate the share with the server using Kerberos, yet the local DNS can’t find the server because they are not on site, so Kerberos fails and causes Windows to display this message in an attempt to force the user to authenticate.
What I don’t understand is why, since the domain controller is not present, does it not just authenticate to the cached credentials like it should? And second, why does it take entering the username / password 2-10 times before it actually accepts them? Shouldn’t it either take them immediately as authenticating against the cached credentials or never accept them at all because it can’t find the DC?
So I need a solution that will not hamper performance, but will stop this bloody message from plaguing me.
Note: An option I have not tried because of the bandwidth issue is setting the remote users’ VPN connections back to full tunnel and having the VPN connect on logon. Theoretically that would solve the problem, but it would put such a drain on the limited bandwidth at the home site and for all of the remote users.