locked
Vista connects to VPN then fails Windows Authentication for SQL & IIS on local LAN (SSPI) RRS feed

  • Question

  • On usenet Harolds reported:

    "When I am VPN'd into another network I get "Cannot generate SSPI context" in Microsoft SQL Server Management Studio when trying to Connect to Database Engine.

    This happens whether or not I have "Use default gateway on remote network" checked."

    jtn916 responded:

    "I have the same exact issue, along with my domain account constantly  getting locked when I have a VPN connection, however, after making the vpn connection if you go to

    Control Panel
    User Accounts
    Manage User Accounts
    Advanced Tab
    Manage Passwords
    Delete the <dialup session> entry in the saved passwords which is added when you connect via VPN

    After doing so, my domain account isn't locked any more, nor do I have the SSPI error with SQL.

    Hope this helps.  This must be repeated after each connection to a VPN.


    Does anyone know of a way to disable manage passwords? "

    In my own research I found Harolds' SQL Server SSPI issue also affects IIS web sites on the local LAN configured for Windows Authentication.  When I connect to a remote VPN and then a web site on my LAN, this site receive the username for the VPN connection rather than the username for the domain shared by workstation and the IIS server. 

    My work-around requires fewer clicks than the one suggested by jtn916.  I've created a desktop shortcut:
    target:  C:\Windows\System32\cmd.exe /c CMDKEY /delete /ras | CMDKEY /list
    icon: %SystemRoot%\System32\keymgr.dll

    Can anyone suggest a method that either eliminates the need to manage the stored credentials after each VPN connection, or one that removes the RAS credentials automatically after connecting?

    Thanks!

    Bill

    Thursday, August 28, 2008 3:42 PM

Answers

  • Hi,

     

    Try to do follow these steps:

     

    1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter.

    2. Open the file in Notepad.

    3. Locate the following entry: UseRasCredentials=1

    4. Modify the entry to the following: UseRasCredentials=0

    5. On the File menu, click Save, and the click Exit.

     

    Hope it helps.

     

    Monday, September 1, 2008 7:52 AM
    Moderator

All replies

  • Hi,

     

    Try to do follow these steps:

     

    1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter.

    2. Open the file in Notepad.

    3. Locate the following entry: UseRasCredentials=1

    4. Modify the entry to the following: UseRasCredentials=0

    5. On the File menu, click Save, and the click Exit.

     

    Hope it helps.

     

    Monday, September 1, 2008 7:52 AM
    Moderator
  • Thanks!  That was exactly what I needed. 

     

    I found my PBK file here:  C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk

     

    Perhaps a future version of the VPN user interface will implement a checkbox for this function.
    Monday, September 1, 2008 1:59 PM
  • Hi.

    I am having this exact same problem but the UseRasCredentials=0 doesn't work for me.

    Friday, October 4, 2013 2:41 PM