Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

Use NetExtender Prelogon with "Disable cached-account logon" GPO feature

ITVDMITVDM Newbie ✭
in SSL VPN

Hello !

I've an issue with NetExtender (331 and 336 also), and more specifically with the PreLogon functionality. To take advantage of this option and secure access from remote laptop, I want user to be forced to connect with NetExtender before opening a Windows session like an MFA, with OTP sended.

To guarantee this operation, I've disabled Windows sessions caching (Disable cached-account logon in GPO), which involves communication with the domain controller to allow user authentication and open session. 

The problem is that in the process of connecting to NetExtender with PreLogon, the client first captures the user's login and try to login into Windows as soon as the connection with NetExtender is successful.

The attempt runs too quickly - without waiting for the computer to be able to contact the domain controller - and thus generates an error on each attempt (domain not reachable). If the password is re-typed right after, it works well, because a delay of a few seconds was enough to establish the PC / DC link or use NetExtender VPN interface.

Afters somes tested things, I’ve added 2 DC DNS to physical network card. Sometimes it works, with little pause before submitting credentials, and sometimes no. In reality, I don't think that changes somethings, maybe chance. I don’t know how works NetExtender in this specific case, but It works randomly, maybe 1 on 2 times, with below error message when failed.

Anyone configured and used NetExtender Pre-Logon with disabled caching Windows session with success ? Or already encounter this problem and find a solution ?

Thanks a lot, it really important for us to run properly this fonctionnality.

Environnement : Windows 11 Pro, NetExtender 10.2.331 and 10.2.336 client, SMA 410 Appliance and NSA 4700 front, Windows Defender

Sorry for my english,

Regards, L.

image.png


Category: SSL VPN
Reply
Tagged:

Answers

  • Options
    ITVDMITVDM Newbie ✭

    This issue is resolved by NetExtender version 10.2.337 wich order asked credentials is inververted (Nx connection realized before user can type his login).

Sign In or Register to comment.