cancel
Showing results for 
Search instead for 
Did you mean: 

Failed Logins on DC from Meraki VPN Client?

SOLVED
Conversationalist

Failed Logins on DC from Meraki VPN Client?

Recently we have implemented Meraki VPN client and have noticed a massive change of failed logins in the event log on the domain controller (ID: 4625) that display the users meraki email/username (which is different from the users samaccount) as the failed login account.

 

Any ideas why the VPN credentials are being sent to the DC?

 

VPN Client authentication is using Meraki Cloud.

1 ACCEPTED SOLUTION

Accepted Solutions
Head in the Cloud

Re: Failed Logins on DC from Meraki VPN Client?

Windows will use your VPN credentials by default to authenticate to network resources, unless you disable it. That's probably why you are seeing that.

 

You can change it by editing a value in the phonebook.

 

My scripty thing will do it automatically on setup, because I hate fixing stuff after the fact.

 

Basic PowerShell command is:

 

 

# For all-user connections
$PbkPath = Join-Path $env:PROGRAMDATA 'Microsoft\Network\Connections\Pbk\rasphone.Pbk'

(Get-Content -path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -pat $PbkPath

# For single user connection

PbkPath = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.Pbk'

(Get-Content -path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -pat $PbkPath

 

 

This edits your phonebook to change that variable to 0, thus forcing Windows to use the Windows credential to log into server resources.

7 REPLIES 7
Kind of a big deal

Re: Failed Logins on DC from Meraki VPN Client?

If your using Meraki Cloud authentication, pretty sure nothing is supposed to be using your AD at all.

 

Is it possible maybe the end user accidentally put their Meraki credentials into maybe something else that is relying on AD to authentication?

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Conversationalist

Re: Failed Logins on DC from Meraki VPN Client?

My thoughts exactly.

 

The event logs are showing 100's of attempts from a few users within the same time the event is logged, so there must be some sort of service or dependency that is attempting to use this VPN credential somewhere...

Head in the Cloud

Re: Failed Logins on DC from Meraki VPN Client?

Windows will use your VPN credentials by default to authenticate to network resources, unless you disable it. That's probably why you are seeing that.

 

You can change it by editing a value in the phonebook.

 

My scripty thing will do it automatically on setup, because I hate fixing stuff after the fact.

 

Basic PowerShell command is:

 

 

# For all-user connections
$PbkPath = Join-Path $env:PROGRAMDATA 'Microsoft\Network\Connections\Pbk\rasphone.Pbk'

(Get-Content -path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -pat $PbkPath

# For single user connection

PbkPath = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.Pbk'

(Get-Content -path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -pat $PbkPath

 

 

This edits your phonebook to change that variable to 0, thus forcing Windows to use the Windows credential to log into server resources.

Conversationalist

Re: Failed Logins on DC from Meraki VPN Client?

Thanks @Nash 

 

Just so i fully understand you, do i need to run that on every workstation that uses the VPN?

 

Kind regards,

Phill

Head in the Cloud

Re: Failed Logins on DC from Meraki VPN Client?

Every workstation that is having problems, yes. If you can deploy a PS script through a tool, it'll suck less. Otherwise it will need to be individually applied to each workstation.

 

Every time a VPN is created on that workstation, you'll need to modify the variable as well.

 

That's why I got lazy and baked it into our deployment process.

Conversationalist

Re: Failed Logins on DC from Meraki VPN Client?

Thanks @Nash - your a legend

Head in the Cloud

Re: Failed Logins on DC from Meraki VPN Client?

Aw, thanks, @Phill1. Despite not being an end user person, the one thing I am very good at is making the Meraki client VPN work in Windows. Especially on Windows 10, with its weird overlay on top of rasphone.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.