cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7980
Views
0
Helpful
0
Comments
TCC_2
Level 10
Level 10

Core issue

There are possibly many reasons for extended authentication with Active Directory (AD) to fail for VPN client, but one of the common reasons is the Do not require Kerberos pre-authentication setting under the user profile on the AD.

The Do not require Kerberos pre-authentication setting overrides the default setting that the Kerberos Key Distribution Center requires all accounts to use pre-authentication. The default setting makes offline password-guessing attacks very difficult. You can choose to override the default setting for individual accounts when necessary for compatibility with other implementations of the protocol.

Resolution

Complete these steps in order to resolve this issue:

  1. Open Active Directory Users and Computers.

  2. In the console tree, click Users, or choose the folder that contains the user account.

  3. Right-click the user account, and then choose Properties.

  4. On the Account tab, scroll through the Account options and choose the Do not require Kerberos pre-authentication checkbox, and then click OK.

  5. Try the connection again, and it should now work.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: