Meraki

Community

Windows Domain Controller refusing connections from Client VPN User

IT_Tropolis
Getting noticed
‎Mar 27 2024 4:18 PM
‎Mar 27 2024 4:18 PM

Windows Domain Controller refusing connections from Client VPN User

Hi:

 

I have a client where the Domain Controller (Windows Server 2016) is refusing connections when he is logged into the Client VPN. He gets error, "The account is not authorized to log in from this station." He cannot even ping the DC. He can ping other servers. This behavior just started a few days ago.

 

When he is in the office on the LAN with the same device, a Windows 11 laptop, it connects to the DC successfully.

 

Thanks so much for any insights!


Bob H.

Labels:
0 Kudos
8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 27 2024 4:29 PM
‎Mar 27 2024 4:29 PM

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
IT_Tropolis
Getting noticed
‎Mar 27 2024 4:54 PM
‎Mar 27 2024 4:54 PM

Hi @alemabrahao :

 

That article is not relevant because the user can connect to the Client VPN without any issues.  The issue is that after connecting to the Client VPN, he gets blocked from access the DC.  If he's in the office, on the LAN, with the same device/laptop, he can ping the DC no problems.

 

Thank you,
Bob

0 Kudos
In response to IT_Tropolis
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 27 2024 5:30 PM
‎Mar 27 2024 5:30 PM

Do you have any group policy applied?

 

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 27 2024 4:53 PM
‎Mar 27 2024 4:53 PM

More than likely his account in AD has a login restriction applied preventing him from logging into the AD controller.

 

0 Kudos
In response to PhilipDAth
IT_Tropolis
Getting noticed
‎Mar 27 2024 4:57 PM
‎Mar 27 2024 4:57 PM

Hi @PhilipDAth :

 

His account in AD does not have a login restriction.  If he's in the office, on the LAN, with the same device/laptop, he can ping the DC and access domain resources, no problems.  It's only when he's on the Client VPN this issue occurs.

 

Thank you,
Bob H.

0 Kudos
IT_Tropolis
Getting noticed
‎Mar 27 2024 6:00 PM
‎Mar 27 2024 6:00 PM

Think I figured out the issue though I haven't been able to test the resolution yet as I don't have access to cfg. the user's home router.  His home network is using same subnet as office subnet, which will cause conflicts I believe.  Plan to re-cfg. his home router to use different subnet.

0 Kudos
In response to IT_Tropolis
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 27 2024 6:39 PM
‎Mar 27 2024 6:39 PM

Yep, That is certainly the problem.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to IT_Tropolis
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 27 2024 6:57 PM
‎Mar 27 2024 6:57 PM

That will be it!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.