My status

My backup memory

Thứ Sáu, 16 tháng 12, 2011

Không truy cập DFS namespace khi truy cập từ xa qua VPN với Win 7/Vista

Accessing DFS Shares when you have an Active PPTP VPN in Windows Vista
I've been investigating a problem involving a user trying to access a local DFS share while having an active VPN connection to a remote network. I looked at all the usual things including a routing problem or a DNS issue without any success. I also tested this same setup on a Virtual Machine running Windows XP and there was no problem. This therefore narrowed it down to a change in functionality between Windows Vista and Windows XP. As I couldn't nail down the reason I decided to speak to Microsoft and see whether they could shed any light on the problem. It turns out that the problem is caused by the credential manager in Vista. When connected to a VPN the credentials that you are signed onto the VPN with are cached and then used to authenticate when accessing resources on the local or remote network. When trying to access a DFS share the cached VPN credentials are submitted and access is denied. The second part of the issue is that Windows Vista will not default back to your local domain credentials following this failure. There are two ways of resolving this problem

1.) You can set the value of the following key to 1, Hkey_Local_Machine\System\CurrentControlSet\Control\Lsa\DisableDomainCreds. This turns off the caching off credentials and forces your domain credentials to be used when accessing resources on both the local and remote network.

2.) The second option is to run cmdkey /delete /ras from a command prompt once you have connected to the vpn. This will clear the cached vpn credentials from credential manager.  This is not really a long term fix as once you disconnect and reconnect the vpn, the credentials will be cached again and you will be back to square one.

Ghi chú: chưa kiểm tra với Windows XP!

Không có nhận xét nào:

Đăng nhận xét