Active Directory: VPN and Windows Cached Credentials

If your machine is joined to an Active Directory domain and your VPN software does not set the DNS servers to your local Domain Controllers, you may encounter the following error:

The system has detected a possible attempt to compromise security. Please ensure you can contact the server that authenticated you.

This appears to be a problem with cached credentials combined with the inability to contact the DC, even though you are on its subnet. If at all possible, have your administrator configure your VPN software to set your primary DNS server to the IP of the DC on your network. If that can't be done, adding an IP and hostname entry for your DC to LMHOSTS should work. For example:

192.168.0.1 CorpDCserver #DOM:corpdomain.com
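
To confirm that a client is in the state described above, the following added example (not part of the original post) checks whether the client's DNS servers include the DC, whether the DC locator SRV record resolves, whether the DC answers on LDAP, and whether LMHOSTS already holds a `#DOM` entry for it. The default domain and IP are assumptions reused from the sample LMHOSTS line; replace them with your own values.

```powershell
# Added example: diagnose DC name resolution and reachability over a VPN.
# $Domain and $DcIp default to the sample values from the LMHOSTS line above
# (assumptions, not real infrastructure).
param(
    [string]$Domain = 'corpdomain.com',
    [string]$DcIp   = '192.168.0.1'
)

# 1. DNS servers the client is actually using (IPv4, all interfaces).
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }
$dnsHasDc = [bool]($dns | Where-Object { $_.ServerAddresses -contains $DcIp })

# 2. DC locator SRV record; this only resolves if the client is asking
#    a DNS server that hosts the AD zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
    -ErrorAction SilentlyContinue
$srvOk = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })

# 3. Network path to the DC on LDAP (TCP 389), independent of DNS.
$ldapOk = Test-NetConnection -ComputerName $DcIp -Port 389 `
    -InformationLevel Quiet -WarningAction SilentlyContinue

# 4. Fallback from the post: an LMHOSTS line mapping the DC IP with #DOM.
$lmhosts   = Join-Path $env:SystemRoot 'System32\drivers\etc\lmhosts'
$pattern   = "^\s*$([regex]::Escape($DcIp))\s+\S+.*#DOM:"
$lmhostsOk = (Test-Path $lmhosts) -and
    [bool](Select-String -Path $lmhosts -Pattern $pattern -Quiet)

# Summary object so the result can be logged or compared between machines.
[pscustomobject]@{
    DnsServers        = ($dns.ServerAddresses | Select-Object -Unique) -join ', '
    DnsIncludesDc     = $dnsHasDc
    SrvRecordResolves = $srvOk
    LdapPortReachable = $ldapOk
    LmhostsHasDcEntry = $lmhostsOk
}
```

If `LdapPortReachable` is true while `DnsIncludesDc` and `SrvRecordResolves` are false, the DC is reachable through the tunnel but the client cannot locate it by name, which is the situation the DNS or LMHOSTS change addresses.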

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain RealCajunRecipes.com in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

2 comments on “Active Directory: VPN and Windows Cached Credentials”
  1. Mark says:

    Thank you – this is the second time in a week I found something I was looking for in regards to Active Directory Management on your blog.

    I am not sure what you did, but Google is giving you some darn good results.

    Thanks.

  2. Chrissy says:

    Awesome! Thanks Mark :-D Glad I could help.
