When not in network, Application unable to launch because it is trying to authenticate with Domain Controller instead of local cache
We have a vendor application that is installed on our machines. It uses TCP/IP to communicate with the Vendor Servers. For this to work, our IP address should be whitelisted by Vendor Firewall. 

All our workstations are Windows machines logged in with Windows AD accounts. Everything worked normally. We wanted to have a continuity plan to work on this application in case our corporate network goes down. So we decided to get a wireless datacard with a static IP and provided it to the vendor for whitelisting. It was done.

Now, as we test this, we came off our office network (LAN/WAN) and launched the application using the wireless datacard internet connection. The application doesn't launch. After thorough testing, we found that the application is trying to re-authenticate with the domain controller and fails to do so, because we are not on the LAN/WAN/VPN of the office network.

We couldn't understand what is driving it; maybe it is because we are logged into the system with an AD account. Although it can validate against the local system cache, which already has the AD credentials saved, we are not sure why it had to go to the domain controller. To prove this, we launched the application with Run as... different user and provided a local system account, and then the app launched normally.

We checked with the vendor, and he denies his app doesn't perform any authentication. And we are not sure what and why it doesn't work. Maybe the app is logging in to some SQL servers of the vendor servers.
Please tell us whether there is any setting in the OS, group policy or registry which will force the application to authenticate with the local system cache without hitting the domain controller, or whether we can prevent this authentication and launch. We appreciate your advice. Please help.
September 25th, 2013 6:26pm

Can you launch the application while logged on with a local account - while off your office network?

How exactly did you find out that "application is trying to re-authenticate with domain controller"?

hth
Marcin

September 25th, 2013 6:43pm

Thanks for your reply Marcin. 

Yes, the app launches with a local account while not on the office network. We didn't see exactly that the app is hitting the domain controller, but maybe the app provokes the OS: when the app is launched, a request goes to the DC, whether on the office network or on wireless internet. We saw it using a Wireshark trace.

Off network, on wireless internet, the app fails to launch since the DC is not reachable. But if we connect to the office network through VPN from wireless internet, the app launches because the DC is reachable via VPN.

The other way is, when not on the network and using wireless internet, as we are logged into the system with an AD account, we must launch the app with a local system account (using Run as...) and it works. But this solution cannot be provided to users.

Thnx/Rongali

  • Edited by LocaterHI Thursday, September 26, 2013 12:56 AM
September 26th, 2013 1:41am

Have you tried to compare Wireshark traces captured when launching the app as a domain user and as a local user while off the office network? This might give you some clues. Can you post your findings?

hth
Marcin

September 26th, 2013 1:58am

Hi,

Are there any updates on this issue now?

Please let us know the latest situation, so we could help you solve this issue efficiently.

Best Regards,

Amy Wang
September 29th, 2013 10:50pm

Hi Marcin,

We are unable to capture the Wireshark traces on the wireless datacard connection. We found the application has SQL connection registry settings; it is connecting to a SQL server. Maybe because of that, the OS is trying to authenticate the Windows AD credentials with the DC when launching the application.

When on wireless internet, since we are not on the office network, the DC is not reachable and the app fails to launch. If we run the app with a local system account using Run as..., the app launches.

Is there a way to force the OS to authenticate the AD credentials locally? Or are there any SQL client registry settings to bypass this/disable authentication?

September 30th, 2013 5:53am

Hi Amy,

No, this is not yet resolved; I have replied above. Please see.

Thnx/Rongali

September 30th, 2013 5:56am

Hi,

You may need to enable the APP to allow anonymous access.

October 2nd, 2013 5:18am

This topic is archived. No further replies will be accepted.
