Active Directory: VPN and Windows Cached Credentials

If your machine is joined to an Active Directory domain and your VPN software does not set the DNS servers to your local Domain Controllers, you may encounter the following error:

The system has detected a possible attempt to compromise security. Please ensure you can contact the server that authenticated you.

This appears to be some sort of problem with cached credentials and the inability to contact the DC even though you are on its subnet. If at all possible, have your administrator configure your VPN software to set your Primary DNS to the IP of the DC on your network. If that can’t be done, adding an IP and hostname entry for your DC to LMHOSTS should work. For example:

192.168.0.1 CorpDCserver #DOM:corpdomain.com
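
To confirm that DNS is the cause before changing anything, the following added example (not part of the original post) asks every DNS server configured on the client for the SRV record that domain members use to locate a DC. The domain name and DC address are taken from the LMHOSTS example above and are assumptions; replace them with your own.

```powershell
# Added example: can the DNS servers set by the VPN client locate a DC?
$Domain = 'corpdomain.com'   # assumption: AD DNS domain, from the LMHOSTS example
$DcIp   = '192.168.0.1'      # assumption: DC address, from the LMHOSTS example

# SRV record that domain-joined clients query to find a domain controller
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

# Collect every IPv4 DNS server configured on any interface
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($server in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $alias; Server = $server }
        }
    }

# Ask each server for the DC locator record and note what comes back
$results = foreach ($d in $dnsServers) {
    try {
        $srv = Resolve-DnsName -Name $SrvName -Type SRV -Server $d.Server `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.NameTarget }   # keep only the SRV answers
        $found  = [bool]$srv
        $detail = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    } catch {
        $found  = $false
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Interface = $d.Interface
        DnsServer = $d.Server
        IsDc      = ($d.Server -eq $DcIp)
        FindsDc   = $found
        Detail    = $detail
    }
}
$results | Format-Table -AutoSize

if (-not ($results | Where-Object { $_.FindsDc })) {
    Write-Warning "No configured DNS server answered for $SrvName. Point Primary DNS at the DC or add the LMHOSTS entry."
}

# Netlogon's own view: can this machine locate a DC for the domain right now?
nltest "/dsgetdc:$Domain"
```

If the only rows with `FindsDc` set to True belong to an interface that disappears when the VPN connects, the VPN client is replacing the DNS servers that know about the domain.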

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, and holds a number of certifications, including those relating to SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

2 comments on “Active Directory: VPN and Windows Cached Credentials”
  1. Mark says:

    Thank you – this is the second time in a week I found something I was looking for in regards to Active Directory Management on your blog.

    I am not sure what you did, but Google is giving you some darn good results.

    Thanks.

  2. Chrissy says:

    Awesome! Thanks Mark :-D Glad I could help.
