Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Keeping the cached and domain account passwords in sync using VPN in a

I'm running into issues keeping the PC's cached password and the password on the domain controller synchronized. In between mandatory password changes there is no issue. But when a users’ password has expired and they use the change password process supplied by the 3005 VPN concentrator (Radius with Expiry), the domain and PC passwords become out of sync. The domain is updated correctly and is looking for the new password, but the PC did not update and is looking for the old password. At that point you're in a catch22 scenario because if you use the new password it won’t match what the PC remembers (it’s looking for the old password) and your logon is refused. Using the old password, you will get passed the PC logon, but your account will not be able to access anything on the domain. Eventually your domain account will be locked out.

It seems the bottom line issue(s) is either the PC is not being updated by the VPN password change process but should be. Or, when using a VPN connection, the PC is not deferring to the domain controller for ID/password verification during the initial login process. I can’t be the only person who’s been here before. What did I overlook?

The PC is a windows 2000 machine using the Cisco VPN 3.6.2(B) client. VPN Client is setup to start at windows login. My concentrator is a Cisco VPN 3005 running vpn3005-3.6.7.F-k9.bin.

Thanks for your help.