Windows Authentication behaves oddly when VPN'd

Solution 1:

I was also having this same issue and found the solution here:

http://social.technet.microsoft.com/forums/en-US/itprovistanetworking/thread/275599f0-6239-46a5-8245-50a5c13a2713/

You'll need to locate your VPN connection's .pbk file.

You can find it here:

C:\Users\{WindowsLogin}\AppData\Roaming\Microsoft\Network\Connections\Pbk

Or if you have it set to allow all users to use the connection, you can find it here:

C:\ProgramData\Microsoft\Network\Connections\Pbk

Edit it with a text editor and find the line that says:

UseRasCredentials=1

Disable it by setting it to 0:

UseRasCredentials=0
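
The edit described above as a PowerShell script (an added example, not from the original answer). A .pbk file holds one [section] per connection, so it lists UseRasCredentials for every entry in both folders the answer gives. The function names and the .bak backup are assumptions of this example.

```powershell
# Added example: audit, and optionally change, UseRasCredentials in .pbk phonebook files.
# Function names are hypothetical; the two folders are the ones named in the answer above.
function Get-PbkRasCredentialSetting {
    param([string[]]$Folder)
    $files = Get-ChildItem -Path $Folder -Filter '*.pbk' -File -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $entry  = $null
        $lineNo = 0
        foreach ($line in Get-Content -LiteralPath $file.FullName) {
            $lineNo++
            if ($line -match '^\[(.+)\]\s*$') {
                $entry = $Matches[1]              # a new connection entry starts here
            } elseif ($line -match '^UseRasCredentials=(\d)\s*$') {
                [pscustomobject]@{
                    File  = $file.FullName
                    Entry = $entry
                    Line  = $lineNo
                    Value = [int]$Matches[1]
                }
            }
        }
    }
}

function Disable-PbkRasCredentials {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$File, [string]$Entry)
    $current = $null
    $new = foreach ($line in Get-Content -LiteralPath $File) {
        if ($line -match '^\[(.+)\]\s*$') { $current = $Matches[1] }
        # Only rewrite the setting inside the named connection's section
        if ($current -eq $Entry -and $line -match '^UseRasCredentials=1\s*$') {
            'UseRasCredentials=0'
        } else { $line }
    }
    if ($PSCmdlet.ShouldProcess("$File [$Entry]", 'Set UseRasCredentials=0')) {
        Copy-Item -LiteralPath $File -Destination "$File.bak" -Force   # keep a backup
        Set-Content -LiteralPath $File -Value $new
    }
}

$pbkFolders = @(
    Join-Path $env:APPDATA     'Microsoft\Network\Connections\Pbk'   # per-user connections
    Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk'   # all-users connections
)
Get-PbkRasCredentialSetting -Folder $pbkFolders | Format-Table -AutoSize
# To change one entry (preview first with -WhatIf):
# Disable-PbkRasCredentials -File <path from the table> -Entry <entry name> -WhatIf
```

Editing a file under C:\ProgramData needs an elevated session.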

Solution 2:

We use Cisco VPN software for some off-site users. The VPN software prompts for credentials, which it queries against Active Directory to ensure the username/password are correct and the user has rights to log on via VPN. But a successful authentication only establishes a connection to the network. Access to network resources relies on the authentication you provided to the workstation when you logged on.

This became an issue for us because users would log on to the laptop with cached credentials, establish a VPN connection, then change their password. They would then lock out their domain accounts because their user token had their old credentials. We have since advised these users to lock and unlock their workstation after changing their password while the VPN tunnel is established. This updates the user token and lets them access network resources using the updated credentials.