Cisco VPN users connecting to domain - connectivity issue

ruttrowgeorge
Level 1

We have users that work at home that connect via the Cisco VPN software.

We are having several issues where single sign on and login history is blocked. For example, users cannot change their password remotely; it does not transfer over to the domain and sync with other resources. Also, the computer account does not show log in history, and the computer gets marked for deletion.

Are there any settings in the Cisco ASA firewall that would cause this? Or something in the Cisco VPN client?

Thanks,

2 Replies

Hi, are you using the AnyConnect VPN client or the older VPN Client? Are you permitting full access to the network - as in, do the computers have full access to the AD domain? Split tunnel?

I assume the computers are using the internal DNS servers and can resolve the Domain Controllers etc.?

Is there any useful information in the Windows event logs? Access denied or unable to access Domain Controllers etc.?

If you post your configuration we can have a look for you.

HTH
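
The checks asked about in the reply above (DC resolution through the DNS servers in use, reachability of the domain controllers over the tunnel, and relevant Windows event-log entries), gathered into one script as an added example that is not part of the original thread. The domain name `corp.example.com` is a placeholder, and the port list is an assumption based on the standard AD service ports.

```powershell
# Added example: run elevated on a domain-joined client while the VPN tunnel is up.
# $Domain is a placeholder; replace it with the AD DNS domain name.
$Domain = 'corp.example.com'

# 1. Can the client locate domain controllers through the DNS servers it is using?
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "DC SRV lookup failed (is the client using internal DNS?): $($_.Exception.Message)"
    $dcs = @()
}

# 2. Are the AD service ports reachable, and through which interface?
#    InterfaceAlias shows whether the traffic leaves via the VPN adapter,
#    which is what a split-tunnel policy would change.
$ports = [ordered]@{
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    389 = 'LDAP'
    445 = 'SMB (SYSVOL / Group Policy)'
    464 = 'Kerberos password change'
}
$reach = foreach ($dc in $dcs) {
    foreach ($p in $ports.Keys) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p
            Service   = $ports[$p]
            Reachable = $r.TcpTestSucceeded
            Interface = $r.InterfaceAlias
        }
    }
}
$reach | Format-Table -AutoSize

# 3. Is the computer account's secure channel to the domain intact?
"Secure channel OK: $(Test-ComputerSecureChannel)"

# 4. Recent Netlogon and Group Policy errors/warnings in the System log.
foreach ($provider in 'NETLOGON', 'Microsoft-Windows-GroupPolicy') {
    Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = $provider
        Level = 2, 3; StartTime = (Get-Date).AddDays(-7)
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, Message
}
```

Any row with `Reachable` false, or an `Interface` other than the VPN adapter, points at the ASA access policy or split-tunnel configuration rather than at the client.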

Good morning. We are using Cisco AnyConnect Secure Mobility Client 4.0.00048. I will look into your other questions and reply back. Some of the symptoms we see are:
- When a remote user's A/D password expires, and it gets changed, the old one is still on the local machine that is a member of the domain. The user would have to bring in the device to sync it.
- When the above occurs, other applications that would receive the password passed through do not receive it. The user has to manually change the password in other apps.
- Running gpupdate /force on the remote client's machine does not fix it.