Outlook 2003 connection from non-domain PC via VPN giving authentication error after latest client's

Rick Newton

I have a user with Outlook 2003 installed to their local system,
Windows 2000 SP4 + SRP1, in a remote office. This client connects via
VPN back to our main office. They have done so for several months --
successfully.

However, after the last password change request for their domain
account Outlook now fails to allow a connection. There has been at
least one successful password change for the domain that did not cause
this adverse effect on Outlook connectivity.

Both the O/S and Outlook 2003 are completely up-to-date with patching.
The O/S is Windows 2000 Pro. The VPN connection is from a WatchGuard
SOHO 6/tc through to a WatchGuard Firebox 500. The user's local IP
addressing (client side) is DHCP provided by the SOHO in the
192.168.x.y range, and the LAN on the other side of the VPN is in the
10.10.x.y range from the Windows Server 2003 SBS w. Exchange 2003
(also both of these are completely up-to-date for
patching/service-packs).

The user has a local ID/PWD which differ from the domain ID/PWD in the
password only, so Outlook has always prompted for the ID, PWD and
domain before allowing an on-line connection. The current Outlook
connection settings do not use cached mode.

Fine enough until about 2 weeks ago when the error began to appear,
and the domain account would get locked out. The error begins:

"Your logon information was incorrect. Check you username ..."

However, using the Remote Desktop Client across the VPN would allow
access to the domain account via Terminal Server login using the same
ID, PWD and domain refused by Outlook.

I have attempted changing the password, removing the local system
user's Outlook configuration, etc. (folder and all). This resulted
in the authentication working, BUT only until the user either logged
off the system, or shut it down and restarted -- at which time the
failure notification and account lock-out would again occur.

I've created what appears to be a temporary solution -- I don't want
this to be the permanent solution!!! -- by synchronizing the ID and
Password on the domain with the local system ID/PWD, and set these
passwords (local system and domain) not to expire. Obviously a bad
option for security reasons.

I cannot think of any reason that these two passwords must be
synchronized to allow access through Outlook to the domain/exchange
server for this individual. Unfortunately, he is the only individual
with this configuration (he has an iPAQ he wishes to synchronize with,
and he is the company's president so I can't take the iPAQ away...);
everyone else uses Outlook through a Terminal Server connection
successfully (as does he...).

Any ideas what I need to do to correct this issue!!!! To again allow
the domain and local user passwords to be unsynchronized? I don't
want to i) leave the non-password-change setting and ii) have to
explain (over and over again) how to maintain the two passwords the
same when the domain password change request occurs every 45 days.


Thanks,
 
