10-30-2002 06:52 AM - edited 03-02-2019 02:30 AM
Apologies in advance for the rather long-winded nature of this message. Hopefully you'll understand what I'm talking about.
We have a Cisco RSA Ace/server remote access system. On the outside of our network is a 2600 router which is connected to our firewall (Checkpoint firewall-1 v4.1 SP5 running on NT4 SP6a) via its DMZ interface card.
We have found that in order to get a user logged onto our domain over the RAS, their computer must have previously logged onto the domain whilst connected directly to the LAN (i.e. the user's profile must be on the computer already).
If I dial in using a computer without my profile on there, it will let me create a computer account on the domain, but when attempting to log in it says the domain is unavailable. Authentication on the RAS router is not a problem.
We have other WAN links which allow users at other sites to log in without their profiles being already set up, so the firewall services etc are already in place, and as far as I can see, the RAS should behave the same as those WAN links as it has been put in the same groups etc on the firewall.
Can anyone suggest any reason why it won't let us do this?
Regards,
Phil.
11-05-2002 08:27 AM
Hi Phil,
Not very clear what is wrong. Maybe this page might be of some help.
11-05-2002 08:37 AM
Found the answer to this one. It is simply a matter of waiting one minute after receiving the "cannot logon because the domain is unavailable" message, then attempting the domain logon again, and then it works. I found this hint on a page talking about VPNs.
Thanks for your response.
Phil.