Vista connects to VPN then fails Windows Authentication for SQL & IIS on local LAN (SSPI)
On usenet Harolds reported: "When I am VPN'd into another network I get "Cannot generate SSPI context" in Microsoft SQL Server Management Studio when trying to Connect to Database Engine. This happens whether or not I have "Use default gateway on remote network" checked."jtn916 responded: "I have the same exact issue, along with my domain account constantly getting locked when I have a VPN connection, however, after making the vpn connection if you go to Control Panel User Accounts Manage User Accounts Advanced Tab Manage Passwords Delete the <dialup session> entry in the saved passwords which is added when you connect via VPN After doing so, my domain account isn't locked any more, nor do I have the SSPI error with SQL. Hope this helps. This must be repeated after each connection to a VPN. Does anyone know of a way to disable manage passwords? "In my own research I found Harolds' SQL Server SSPI issue also affects IIS web sites on the local LAN configured for Windows Authentication. When I connect to a remote VPN and then a web site on my LAN, this site receive the username for the VPN connection rather than the username for the domain shared by workstation and the IIS server. My work-around requires fewer clicks than the one suggested by jtn916. I've created a desktop shortcut:target: C:\Windows\System32\cmd.exe /c CMDKEY /delete /ras | CMDKEY /listicon: %SystemRoot%\System32\keymgr.dllCan anyone suggest a method that either eliminates the need to manage the stored credentials after each VPN connection, or one that removes the RAS credentials automatically after connecting?Thanks!Bill
August 28th, 2008 6:42pm

Hi, Try to do follow these steps: 1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter. 2. Open the file in Notepad. 3. Locate the following entry: UseRasCredentials=1 4. Modify the entry to the following: UseRasCredentials=0 5. On the File menu, click Save, and the click Exit. Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2008 10:52am

Thanks! That was exactly what I needed. I found my PBK file here: C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk Perhaps a future version of the VPN user interface will implement a checkbox for this function.
September 1st, 2008 4:59pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics