Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
10
Helpful
2
Replies

CWS with multiple domain users sharing a computer off work

Go to solution
rick505d3
Level 1
Level 1

‎09-04-2013 05:29 AM

Hi,

I need to know if this is an expected behaviour and if there is a workaround to this. I have AnyConnect Web Security (3.1.04063) installed on Windows 7 Enterprise computer that is part of a Windows domain. Two domain users login to the computer at work. When User1 logs in and visits "whoami.scansafe.net", his relevant user/group info is displayed in the browser. When User1 logs off and User2 logs in, the page correctly displays info for User2 in the browser.

However, if at this point the computer is then taken off the work network say a home/public network where AD domain servers are not available. Both User1 and User2 can still logon to Windows but for both of them the "whoami.scansafe.net" page display the info for User2 only. It doesn't change even if the computer is restarted and User1 logs in - still User2 scansafe info is displayed. This happens to User1 untill the PC is brough up on Work network where Windows Logon service is available and User1 can now correctly see his scansafe info in the browser.

Shouldn't Web Security client app be pulling the info relevant to the logged on user for both on and off work networks ? If this is expected, is there a docu reference to this ?

Thanks,

Rick.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-04-2013 10:04 PM

Hi Rick,

That is the expected behaviour of AnyConnect Web Security (ACWS).

Reason is when you are off the network, ACWS will use the cached credential of the user who last login. In your example, if user2 is the last to login when he/she is connected to the work network, then his/her user credential will be cached.

It uses the information from the output of gpresult/r.

Regards, Jen

View solution in original post

2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-04-2013 10:04 PM

Hi Rick,

That is the expected behaviour of AnyConnect Web Security (ACWS).

Reason is when you are off the network, ACWS will use the cached credential of the user who last login. In your example, if user2 is the last to login when he/she is connected to the work network, then his/her user credential will be cached.

It uses the information from the output of gpresult/r.

Regards, Jen

Go to solution
rick505d3
Level 1
Level 1
In response to Jennifer Halim

‎09-04-2013 10:29 PM

Thanks Jen,

Regards,

Rick.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents