Windows 7 VPN Connection causes Active Directory / AD Lockout (Updated)

Windows 7, by default, configures its L2TP VPN connections to use the VPN credentials for all subsequent authentication attempts once the VPN is connected. This works well in some situations, but when the VPN does not share the same login/domain as your computer's domain membership, it can be problematic: the account that the computer is logged in under becomes locked out.

To correct the issue, the .PBK file that holds the VPN connection info must be adjusted.

In Windows 7, the path to the .PBK file for a user is here (filename may be different):

%APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk

Note: The %APPDATA% part was set to C:\Users\username\AppData\Roaming on this PC.

Open the rasphone.pbk file, and find the line that contains:

UseRasCredentials=1

and change it to be:

UseRasCredentials=0

and save the file.

That should prevent the issue with locking the local Domain user account out. Hopefully, anyway.
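
The same edit can be scripted so that every VPN entry in the phonebook is covered and a backup copy is kept. This PowerShell is an added example, not part of the original post; the function name `Disable-PbkRasCredentials`, the `.bak` backup name and the sample file are assumptions made for illustration, and it assumes the phonebook is INI-style, ASCII-compatible text with one `[EntryName]` section per connection.

```powershell
# Added example (not from the original post). Assumes rasphone.pbk is INI-style,
# ASCII-compatible text with one [EntryName] section per VPN connection.
function Disable-PbkRasCredentials {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Path = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Phonebook not found: $Path" }

    # Latin-1 maps each byte to exactly one character, so every byte that is
    # not part of the edited value is written back unchanged.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)
    $text   = [System.IO.File]::ReadAllText($Path, $latin1)
    [string[]]$lines = $text -split '(?<=\n)'   # keep each line's own terminator

    $entry   = '(no section)'
    $changed = New-Object 'System.Collections.Generic.List[string]'
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\[(.+)\]\s*$') {
            $entry = $Matches[1]                 # current connection name
        }
        elseif ($lines[$i] -match '^UseRasCredentials=1(\s*)$') {
            $lines[$i] = 'UseRasCredentials=0' + $Matches[1]
            $changed.Add($entry)
        }
    }

    if ($changed.Count -gt 0 -and $PSCmdlet.ShouldProcess($Path, 'Set UseRasCredentials=0')) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # keep a backup
        [System.IO.File]::WriteAllText($Path, ($lines -join ''), $latin1)
    }
    $changed   # names of the entries that had UseRasCredentials=1
}

# Constructed sample phonebook with two entries, so the function can be tried
# without touching the real file.
$sample  = Join-Path $env:TEMP 'sample-rasphone.pbk'
$content = "[Office VPN]`r`nUseRasCredentials=1`r`n`r`n[Home VPN]`r`nUseRasCredentials=0`r`n"
[System.IO.File]::WriteAllText($sample, $content, [System.Text.Encoding]::ASCII)
Disable-PbkRasCredentials -Path $sample
```

Called without `-Path` it processes the per-user phonebook at the location given above; adding `-WhatIf` lists the affected entries without writing anything.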

Update1: This setup can cause CIFS/SMB/Samba/Sharepoint access to be slower while the VPN connection is active.
To work around the issue, open Internet Explorer and go to Tools > Internet Options. Click the “Connections” tab, and click “LAN settings”. In the LAN Settings dialog, un-check the “Automatically detect settings” checkbox. Click OK, OK, File > Exit to get back to whatever it is you were doing. 🙂
