cancel
Showing results for 
Search instead for 
Did you mean: 

Windows Repeatedly Prompts For Logons When On VPN

New Contributor

Windows Repeatedly Prompts For Logons When On VPN

Hi,

I've spent time searching for a previous answer here and I can only assume its the keywords I'm using.

In our envrionment we are using a seperate credential set to build the VPN tunnel from the client.

Once connected, any domain connected device is prompting for a login.

Whilst our logs are pretty scant, it appears to be related to the PC trying to use the VPN Authentication Credentials to authenticate with any network device on the VPN network segment.

Once you authenticate with a server / service the session remembers the login used (till reboot)

In the Windows VPN world, this would be resolved with:

You'll need to locate your VPN connections .pbk file.
You can find it here:
C:\Users\{WindowsLogin}\AppData\Roaming\Microsoft\Network\Connections\Pbk
Or if you have it set to allow all users to use the connection, you can find it here:
C:\ProgramData\Microsoft\Network\Connections\Pbk
Edit it with a text editor and find the line that says:
UseRasCredentials=1
Disable it by setting it to 0
UseRasCredentials=0

Please can anyone help me find where on earth I set this in the pulse side as noone I have spoken to seems to understand the client or server...

Many thanks in advance.

3 REPLIES 3
Moderator

Re: Windows Repeatedly Prompts For Logons When On VPN

What do you expect to see instead of the servers asking for authentication?
Are the users logging in with the same credential to the PC as to the backend services?
If you do not do machine auth/credential provider for Pulse, does the behavior occur?
New Contributor

Re: Windows Repeatedly Prompts For Logons When On VPN

Hi,

Thanks for responding - it's much appreciated.

The user logs into a domain joined laptop with a domain account. This may be password or certificate based.

When not using the vpn, Kerberos/ntlm and Sso works seamlessly.

The VPN uses user certificate to authenticate (different credentials) and does not reference the active directory - instead it uses a seperate ldap database.

As soon as you make the vpn connection the same server that seamlessly authenticated 30 seconds ago prompts for login.

That could be SMB / RDP / IIS(using integrated authority) etc etc...

I would expect the vpn to be seamless and the user to continue authenticating using their logged in domain credentials.

I should add that this behavior is not happening on our windows 7 devices running the old juniper client.

It's just on Win10 where we have:
A) updated the agent
B) created a new Config
C) used the new agent

Hence I'm assuming there is an option setting we have missed.

Thanks in advance.

Moderator

Re: Windows Repeatedly Prompts For Logons When On VPN

Thank you for expanding on what you are seeing.
If you use the old agent with old config, but on Win10, do you see the expected/desired behavior?
If you use the old agent with the new config, but on Win10, what do you see?
If you use the new agent with the old config, on Win10, what do you see?