Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1955
Views
0
Helpful
2
Replies

*** VPN3000 - Authentication rejected: Reason = Unspecified handle ***

schm196
Level 1
Level 1

‎06-16-2005 08:23 PM - edited ‎02-21-2020 10:12 AM

Using Cisco VPN client 4.6.03.0021 on Windows XP SP2 to a Cisco VPN 3005 concentrator 4.7 release. Concentrator is not behind NAT, client is. We're using simple authentication with usernames/passwords via Active Directory/Kerberos.

Most of my users have no problem. Some users report persistent issues with establishing a connection. Concentrator logs "Authentication rejected: Reason = Unspecified handle" error messages but the users do enter the correct username and password, the username does exist in the Windows 2003 AD/Kerberos, and the authentication server is up and running and working fine at the same time for other users.

We started being more aware of this issue after the domain upgrade from 2000 to 2003 but I cannot positively correlate that that's exactly when the trouble began. So maybe that's an issue, maybe not.

Probably unrelated but I'll throw it in as well: Whatever combination of authentication servers I specify on the concentrator, its config file shows lots of stale entries that simply seem to get pushed down in priority - what's up with that? If I delete a server from the list then I want it gone from the config file... what's there not to understand, dear Cisco development engineer?

;-)

Anyway, any help would be greatly appreciated. Once upon a time there even was a TAC case open (601099658) but the responses were extremely sluggish and didn't help at all.

Thanks a lot...

- Matthias.

Labels:
0 Helpful
2 Replies 2

mchin345
Level 6
Level 6

‎06-22-2005 09:04 AM

Here is a document for Configuring the Cisco VPN 3000 Concentrator with MS RADIUS.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094700.shtml

0 Helpful

schm196
Level 1
Level 1
In response to mchin345

‎06-22-2005 10:41 AM

Thanks but we would like the concentrator to authenticate directly against the Windows AD/Kerberos without the additional layer of having to configure and maintain a RADIUS server.

0 Helpful
Customers Also Viewed These Support Documents