AD credentials refresh after login

Alexandru 1 Reputation point
2021-04-14T10:18:04.083+00:00

Hi,

We are implementing an AD infrastructure, and we ran into an issue with remote colleagues: they login remotely (so with stored ad credentials), and after that they open a VPN to the office. When they try to access shared resources, they get denied, as thy are not actually logged in to the domain.

The only way I found so far is to login to the VPN, logoff from Windows and login again while the VPN is up. We use a 3rd party VPN solution, so we can't implement always ON VPN, or at least we don't have another dedicated Windows server to implement VPN.

Is there any way they can actually refresh their AD login after connecting to the VPN, from a script or something?

Thank you,

Alex

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,665 questions
{count} votes

7 answers

Sort by: Most helpful
  1. Daisy Zhou 12,921 Reputation points Microsoft Employee
    2021-04-15T02:57:28.053+00:00

    Hello @Alexandru ,

    Thank you for posting here.

    To better understand your question, please confirm the following information at your convenience.

    1.Which domain does the machine belong to(such as domain 1), and then the user logs in to initiate a remote using stored AD credentials?

    2.Which domain account does the user belong to (such as domain 1), and then the user logs in to initiate a remote using stored AD credentials?

    3.Which domain does the stored AD credentials belong to (such as domain 2)?

    4.Based on "and after that they open a VPN to the office. When they try to access shared resources, they get denied, as thy are not actually logged in to the domain." Is there a credential dialog box popping up for you to provide credentials when they try to access shared resources?

    5.If so, what domain credential did you provide (such as domain credential in domain 2)?

    6.Would you please provide the screenshot with error message when they get denied?

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    No comments

  2. Alexandru 1 Reputation point
    2021-04-15T12:47:54.723+00:00

    Thank you for the answer Daisy!

    We have a single domain. The computer is registered to the domain, but as the colleague is not in the office, he/she logins as offline. Then she connects to the VPN so reaches the office network. The NAS shared folder is mapped as a network drive and fails to connect.

    If she connects to the VPN, logs off, and back in (so the VPN is active), everything works ok. This is getting frustrating though, as the VPN may disconnect during the day, so they need to close all opened files and apps in order to log back in.
    I attached the requested screenshot.

    88110-sharedfolder.png

    Thank you,
    Alex

    No comments

  3. Daisy Zhou 12,921 Reputation points Microsoft Employee
    2021-04-16T09:14:19.22+00:00

    Hello @Alexandru ,

    Thank you for your update.

    We can run the following commands to see if it helps.

    klist purge and klist purge -li 0x3e7

    nltest /sc_verify:domain name

    88565-nl1.png

    Nltest
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731935(v=ws.11)

    Best Regards,
    Daisy Zhou

    No comments

  4. Alexandru 1 Reputation point
    2021-04-16T14:47:35.61+00:00

    Hi,

    I tried the commands, but there's no change.
    PS C:\Windows\system32> klist purge

    Current LogonId is 0:0xf91c9b
    Deleting all tickets:
    Ticket(s) purged!
    PS C:\Windows\system32> klist purge -li 0x3e7

    Current LogonId is 0:0xf91c9b
    Targeted LogonId is 0:0x3e7
    Deleting all tickets:
    Ticket(s) purged!

    PS C:\Windows\system32> klist purge -li 0xf91c9b

    Current LogonId is 0:0xf91c9b
    Deleting all tickets:
    Ticket(s) purged!
    PS C:\Windows\system32> nltest /sc_verify:ad.sipstatus.com
    Flags: b0 HAS_IP HAS_TIMESERV
    Trusted DC Name \SSTADDC2.ad.sipstatus.com
    Trusted DC Connection Status Status = 0 0x0 NERR_Success
    Trust Verification Status = 0 0x0 NERR_Success
    The command completed successfully
    PS C:\Windows\system32>

    I noticed here that the trusted DC is the backup domain controller (ADDC1 is the master). No tsure if this has any impact, but I seemed strange.

    Thank you,
    Alex

    No comments

  5. Daisy Zhou 12,921 Reputation points Microsoft Employee
    2021-04-19T07:52:00.707+00:00

    Hello @Alexandru ,

    Thank you for your update.

    If it does not work above, I think we should connect VPN and after connecting to VPN ,sign out and sign in again to connect to the domain as you mentioned in the original post.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    No comments