Authenticain trouble /"The user xxxx has already been tried and does not have access"

[Anders Biro]

Hello, I got this situation that my users connect to the corporate network
with a VPN client and occasionally some of the users get this message when
attempting to connect to file resources.
The laptops are normally part of a network domain and outside the network
the users log in with their cached domain credentials. From VPN mode file
access is granted from an extra logon prompt (domain/username) and most of
the time this works fine.
However, some users report that they get access denied and whenever they
provide explicit logon details they end up with following error message:
"The user xxxx has already been tried and does not have access"

The only way the users can get around this is logging on locally instead and
from there the authentication works fine. It seems like the cached domain
credentials somehow does not work so is there a way to completely wipe the
cache clean?
Is this error message familiar and why does it occur when I know for sure
the credentials are correct?

/Regards Anders

 

[Frankster]

I haven't see this error, but, by thoughts are... it appears that your VPN
client is attempting to pass the domain credentials, and since a domain
controller cannot be found it is failing. Or, since the VPN account is not a
domain account, it is failing. Logging on locally would present a
"non-domain" user account.

Don't know what client you're using, but this probably depends on the client
config.

-Frank

 

[Anders Biro]

The way I interpret standard IPSEC-clients is that they pretty much run
behind the scenes and do not take active part in delivering credentials to
domain-controllers.
Still, it seems like faulty credentials are transmitted and you are not even
given the opportunity to enter explicit credentials so the question is
whether it is possible to completely clear all client cached credentials so
you must enter it explicitly?

/Regards Anders