Windows Domain Controller refusing connections from Client VPN User

IT_Tropolis
Getting noticed

Windows Domain Controller refusing connections from Client VPN User

Hi:

 

I have a client where the Domain Controller (Windows Server 2016) is refusing connections when he is logged into the Client VPN. He gets error, "The account is not authorized to log in from this station." He cannot even ping the DC. He can ping other servers. This behavior just started a few days ago.

 

When he is in the office on the LAN with the same device, a Windows 11 laptop, it connects to the DC successfully.

 

Thanks so much for any insights!


Bob H.

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
IT_Tropolis
Getting noticed

Hi @alemabrahao :

 

That article is not relevant because the user can connect to the Client VPN without any issues.  The issue is that after connecting to the Client VPN, he gets blocked from access the DC.  If he's in the office, on the LAN, with the same device/laptop, he can ping the DC no problems.

 

Thank you,
Bob

alemabrahao
Kind of a big deal
Kind of a big deal

Do you have any group policy applied?

 

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

More than likely his account in AD has a login restriction applied preventing him from logging into the AD controller.

 

IT_Tropolis
Getting noticed

Hi @PhilipDAth :

 

His account in AD does not have a login restriction.  If he's in the office, on the LAN, with the same device/laptop, he can ping the DC and access domain resources, no problems.  It's only when he's on the Client VPN this issue occurs.

 

Thank you,
Bob H.

IT_Tropolis
Getting noticed

Think I figured out the issue though I haven't been able to test the resolution yet as I don't have access to cfg. the user's home router.  His home network is using same subnet as office subnet, which will cause conflicts I believe.  Plan to re-cfg. his home router to use different subnet.

alemabrahao
Kind of a big deal
Kind of a big deal

Yep, That is certainly the problem.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

That will be it!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels