I realize this is an old thread, but I was having the same problem getting the CDA to log into my AD. I am using a user with Domain Admin privileges and had rechecked the registry key permissions multiple times with no luck, and wasn't finding a lot ...
Have you considered using DMVPN as an alternative? That way you could treat it as routed traffic and have it participate in OSPF with your other locations. You could choose to run the tunnel in GRE multi-point to allow spoke-to-spoke communications i...