AD Cached Credentials Not Updating Via NetExtender

CFT Newbie ✭

When remote users with domain-joined computers that are connecting via NetExtender change their password, the user’s Active Directory password changes, but the client’s password is not updated.

The users have to log into their workstation with the old password, but log into the VPN with their new password.

Category: VPN Client

Answers

  • shiprasahu93 Moderator
    edited June 2020

    @CFT,

    Welcome to SonicWall community.

    Are the VPN users imported on the firewall? We should just import the VPN user group and let the authentication reflect from the AD itself.

    If imported, we would need to re-import them if any changes are made. Could you please check that?

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • CFT Newbie ✭

    I have an SMA 200.

    The portal settings are:

    Authentication type Active Directory

    Allow password change ON

    Use SSL/TLS on

    Auto-assign groups at login ON

    The workstations are Windows 10 Pro

    The domain controller 2008 R2

    Domain group policy requires a password change every 90 days. 

    My firewall is TZ400.

  • Including @Vijay_Kumar_KV and @Simon for their inputs on the SMA side.

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Roger12345 Newbie ✭

    I'm so glad that I saw this post because we have been experiencing the same issue for the past week or so. I have no idea what would have changed to cause this and it's only happening with the NetExtender connection. We also have a Global VPN connection set up for some users and when this happens for them our current workaround is to connect with the Global VPN and update the local cached credentials. They can then switch back to using the NetExtender connection with no problems. Perhaps a recent Windows update changed something that has caused this?

    We have an NSA 3600 and are using LDAP for authentication against a Windows Server 2019 AD Domain Controller. We've been using the same settings for a long time now with no changes and suddenly this started happening. All of our users are still on Windows 10 Pro/Enterprise 1909.

  • Hello @Roger12345,

    Welcome to SonicWall community.

    I think the symptoms are similar, but in @CFT 's case the issue is while connecting to SMA and in your case it is while connecting to the SonicWall NSA 3600 itself.

    Could you please let us know the firmware version you are running on the NSA 3600 and the version of NetExtender that you are testing from?

    Also, I see that you are using a 2019 server whereas @CFT is on 2008 R2. This definitely needs some investigation.

    I could not find any reported issues on this yet.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Roger12345 Newbie ✭

    Hi @shiprasahu93, yes, sorry, you are correct that this is while connecting to the NSA 3600 itself. We are running the latest firmware version (6.5.4.6-79n) and the latest NetExtender version (9.0.279) since that updates automatically when the NSA 3600 firmware version is updated.

    Come to think of it, this only started happening after we upgraded to the latest firmware version earlier this month so maybe it is related to that.

  • @Roger12345,

    That is definitely something we should test. Could you please contact our support team so that we can replicate and confirm the same and find out if this started after the upgrade? You can use the link below to contact support.

    I do not see anything like this reported already, so we can start working on it.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • CFT Newbie ✭

    I submitted a ticket yesterday.

    It’s not new; we have experienced the issue on at least one workstation before the upgrade.

    Since March more of our users have been working remotely and for longer periods of time.

    I did not advise the users to try the GVC to see if that fixed the problem.

    It’s my understanding that the Windows Local Security Authority Subsystem Service (LSASS) handles password changes on the client.  

  • @CFT,

    So, just to clarify, are you connecting using the NetExtender to the SMA or the TZ 400?

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • CFT Newbie ✭

    The SMA. We are not using the VPN on the TZ 400.

  • Roger12345 Newbie ✭

    I just wanted to provide a quick update that our issue is resolved and it had nothing to do with SonicWALL. There was an issue with one of our domain controllers that needed to be fixed. I think the reason why it worked fine with the GVC was because that connection was not trying to use that domain controller while the NetExtender connection was.

  • Hey @Roger12345,

    That's amazing news. Would you like to share what changes to the DC fixed the issue? It might help @CFT as he is having the same problem.

    Thank you!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • TP_ahaas Newbie ✭

    Yes, please share @Roger12345 as we are experiencing this exact issue.

  • CFT Newbie ✭

    Here is what I found:

    We use AD. The password for authentication was changed on the Domain Controller's Active Directory, but I forgot to update it in the VPN Portal settings.

    Portals / Domains / Edit Domain 'XXXXXX' 
