Windows 10: Local domain credentials issue after connecting to different domain via VPN

Hello


I have finally discovered why I sometimes have issues connecting to local resources.


I am presently working from home. I establish a VPN connection to my work network located at our office and then use Remote Desktop to connect to my PC - mydomain\myname


While logged on to my work's PC I will use that to establish a VPN connection to another organisation's network we provide support to - theirdomain\myname. I then use Remote Desktop to connect to their server...


What I have discovered is that while the VPN connection from my work computer to the other organisation's network is active I am unable to browse my own domain. Clicking mapped drives does nothing. Typing \\servername\sharename either does nothing or reports the resource cannot be found.


If I disconnect the VPN tunnel I can access our domain network without problems. I noticed today that a dialog flashed up and disappeared stating the credentials I was using were invalid - it quoted the credentials for the other organisation - theirdomain\myname which obviously will not work.


A search simply brings up oodles of results regarding logging into a local domain.


Is there a Policy setting or something similar that will separate the credentials and prevent those I supply to the other organisation from being used on my work's domain?


Thank you.


Mark

:)

 

Local Session Manager and Domain Logins

Bought two new laptops (Lenovo Yogas) both came pre installed with windows 10 Pro. I have two users who can log in to their domain accounts while on our network however when they go anywhere else it states that they cannot find our domain. Our AD is configured
to allow domain login using stored credentials however they receive an error that the domain is not available. Here's where it gets really odd, if I have them log in locally and shut off the wifi then reboot it allows them to connect using their domain credentials
and then turn their wifi back on to vpn and connect to our network again. Any ideas??

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

Trouble setting up VPN access to domain

I have a new laptop that has Windows 10 Pro on it and it has been joined to the domain of our network.

I will need to have remote connection to the domain through a VPN. The domain controller is running Windows Server 2008 and the roles for VPN as well as certificate authority have been installed and appear to be running correctly.

My first step to get the laptop to use a VPN connection is to set one up to test while in the local network, using the server's internal IP address. Once that works, the next step will be to attempt to connect from a remote connection to see that the router's
port forwarding is set up correctly to route the connection to the domain controller.

Trying to connect, when logged in using a domain account, I get, "The certificate's CN name does not match the passed value."

Logging in with a non-domain account, I get this response:





I cannot find instructions on what, if anything, needs to be done to place a certificate on the laptop (I can export it on the server). I attempted to install it when logged into the domain account using Control Panel, but I cannot recall what I did.

I also cannot find how to select the type of VPN to use, as I would prefer to use SSTP.

What am I missing?