Vista connects to VPN then fails Windows Authentication for SQL & IIS on local LAN (SSPI)
On usenet Harolds reported:
"When I am VPN'd into another network I get "Cannot generate SSPI context" in Microsoft SQL Server Management Studio when trying to Connect to Database Engine. This happens whether or not I have "Use default gateway on remote network" checked."jtn916 responded:
"I have the same exact issue, along with my domain account constantly getting locked when I have a VPN connection, however, after making the vpn connection if you go to
Control Panel User Accounts Manage User Accounts Advanced Tab Manage Passwords Delete the <dialup session> entry in the saved passwords which is added when you connect via VPN
After doing so, my domain account isn't locked any more, nor do I have the SSPI error with SQL.
Hope this helps. This must be repeated after each connection to a VPN.
Does anyone know of a way to disable manage passwords? "In my own research I found Harolds' SQL Server SSPI issue also affects IIS web sites on the local LAN configured for Windows Authentication. When I connect to a remote VPN and then a web site on my LAN, this site receive the username for the VPN connection rather than the username for the domain shared by workstation and the IIS server. My work-around requires fewer clicks than the one suggested by jtn916. I've created a desktop shortcut:target: C:\Windows\System32\cmd.exe /c CMDKEY /delete /ras | CMDKEY /listicon: %SystemRoot%\System32\keymgr.dllCan anyone suggest a method that either eliminates the need to manage the stored credentials after each VPN connection, or one that removes the RAS credentials automatically after connecting?Thanks!Bill
August 28th, 2008 6:42pm
Hi,
Try to do follow these steps:
1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter.
2. Open the file in Notepad.
3. Locate the following entry: UseRasCredentials=1
4. Modify the entry to the following: UseRasCredentials=0
5. On the File menu, click Save, and the click Exit.
Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2008 10:52am
Thanks! That was exactly what I needed.
I found my PBK file here: C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk
Perhaps a future version of the VPN user interface will implement a checkbox for this function.
September 1st, 2008 4:59pm