06-16-2005 08:23 PM - edited 02-21-2020 10:12 AM
Using Cisco VPN client 4.6.03.0021 on Windows XP SP2 to a Cisco VPN 3005 concentrator 4.7 release. Concentrator is not behind NAT, client is. We're using simple authentication with usernames/passwords via Active Directory/Kerberos.
Most of my users have no problem. Some users report persistent issues with establishing a connection. Concentrator logs "Authentication rejected: Reason = Unspecified handle" error messages but the users do enter the correct username and password, the username does exist in the Windows 2003 AD/Kerberos, and the authentication server is up and running and working fine at the same time for other users.
We started being more aware of this issue after the domain upgrade from 2000 to 2003 but I cannot positively correlate that that's exactly when the trouble began. So maybe that's an issue, maybe not.
Probably unrelated but I'll throw it in as well: Whatever combination of authentication servers I specify on the concentrator, its config file shows lots of stale entries that simply seem to get pushed down in priority - what's up with that? If I delete a server from the list then I want it gone from the config file... what's there not to understand, dear Cisco development engineer?
;-)
Anyway, any help would be greatly appreciated. Once upon a time there even was a TAC case open (601099658) but the responses were extremely sluggish and didn't help at all.
Thanks a lot...
- Matthias.
06-22-2005 09:04 AM
Here is a document for Configuring the Cisco VPN 3000 Concentrator with MS RADIUS.
06-22-2005 10:41 AM
Thanks but we would like the concentrator to authenticate directly against the Windows AD/Kerberos without the additional layer of having to configure and maintain a RADIUS server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide