none
Disable creation of VPN "*Session" credential in Credential Manager without disabling all of Credential Manager? RRS feed

  • Question

  • Is there a way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all of Credential Manager?

    I know that you can disallow storing all domain creds in Credential Manager by setting the following registry entry to 1 (but this doesn't fix my issue):

     

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

    Value Name: DisableDomainCreds

    Value Type: REG_DWORD

    Value: 1

    On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account. Using the fix above fixes my issue with mapped drives (after sleep mode, reconnect to VPN and my mapped drives won't reconnect until I delete the '*Session' credential) but then I cannot use Outlook at all.  Note: I do not log on to Windows 8 with either of the domain accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook.



    Monday, June 17, 2013 3:53 PM

Answers

  • Hi,

    I'm sorry for my delay.This issue has baffled me.

    There is no way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all domain creds in Credential Manager.However,this is a solution for restoring the mapped drives .Try to follow the steps bellow:

    In the Group Policies Editor, open each of the following items in turn:

    Computer Configuration
    Windows Settings
    Security Settings
    Local Policies
    Security Options

    Now, right-click on the “Network security: LAN Manager authentication level” policy item, and then, from the context (pop-up) menu, select “Properties”.

    Now select the “Local Security Settings” tab, and then, in the dropdown box, locate and select “Send LM & NTLM – user NTLMv2 session security if negotiated”.

    Now click the OK button, and then finally, you may close the Group Policies Editor window.

    We also had a similar issue before:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/d74eb1c2-7b67-4b51-87d5-f7e02e6968a7/an-error-occurred-while-reconnectingthe-local-device-name-is-already-in-use-the-connection-has

    Regards

    Ted


    • Marked as answer by Ted Xie Tuesday, July 9, 2013 3:45 AM
    • Edited by Ted Xie Tuesday, July 9, 2013 3:52 AM modify
    Tuesday, July 9, 2013 3:35 AM

All replies

  • Hi,

    Thanks for posting in Microsoft TechNet forums.

    According to our understanding,Your organization connects to a network segment by a vpn connection,in order to use the mail server in that network segment,So when you disconnected the vpn connection,you can't  use outlook at all.

    But we feel uncertain that you can't reconnect the sharing dirves when you use the vpn connection.Because when you use a vpn connection,your computer has two ip address which are not in conflict.One ip address is assigned by the vpn connection.

    Please give us the error messages of reconnecting the mapped drives.It is probably a problem of mapping a network drive.

    For further help,don't hesitate to let me know.

    Ted

    Wednesday, June 19, 2013 6:32 AM
  • I should clarify my question: Is there a way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all domain creds in Credential Manager?

    On my Windows 8 Enterprise workstation, I use mapped drives with one domain account and Outlook with a different domain account.

    Normally I can use Outlook if I am connected to the vpn and I can use it if I am not connected to the vpn.

    Normally I can use the mapped drives if I am connected to the vpn and I I can use the mapped drives if I am not connected to the vpn.

    The vpn is essential for me to do my work for reasons other than the mapped drives and the usage of Outlook, but I need to be able to use the mapped drives and Outlook whether I am connected to the vpn or not.

    Let's say my two domain accounts are these: drive-account and outlook-account.  I must use the outlook-account for the connection to the vpn.  When I connect to the vpn, it creates the '*Session' credential in the Credential Manager for outlook-account, the mapped drives disconnect and they will not reconnect until I delete the newly created '*Session' credential.  The error is 'An error occurred while reconnecting <drive letter1:> to <\\network\path>  Microsoft Windows Network: The local device name is already in use.  This connection has not been restored.'  Further evidence that it is the '*Session' credential causing the failure to reconnect is that I have two mapped drives and if I disconnect one of them and try to reconnect the other one, I get a different error, 'An error occurred while reconnecting <drive letter2:> to <\\network\path2> Microsoft Windows Network: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.  This connection has not been restored.'  Manually recreating that first connection then allows me to get back into both, but I should not have to manually delete and recreate a mapped drive every time my computer goes to sleep.  At least the manual deletion of the '*Session' credential is slightly less intrusive, but I'd still appreciate if there is a way to disable the creation of the '*Session' credential without disabling all domain creds in Credential Manager.  As I have said, if I disable domain creds using the registry fix some have suggested, I do not get the drive errors (after sleep mode and reconnecting to vpn), but I cannot use Outlook at all.

    Note: I do not log on to Windows 8 with either of the domain accounts mentioned above (I use a local admin account) and I do not 'save my password' in Outlook.



    • Edited by LS1234567 Thursday, June 20, 2013 6:16 PM emphasis and spacing
    Thursday, June 20, 2013 6:06 PM
  • Hi,

    I'm sorry for my delay.This issue has baffled me.

    There is no way to disable creation of the VPN "*Session" credential in Credential Manager without disabling all domain creds in Credential Manager.However,this is a solution for restoring the mapped drives .Try to follow the steps bellow:

    In the Group Policies Editor, open each of the following items in turn:

    Computer Configuration
    Windows Settings
    Security Settings
    Local Policies
    Security Options

    Now, right-click on the “Network security: LAN Manager authentication level” policy item, and then, from the context (pop-up) menu, select “Properties”.

    Now select the “Local Security Settings” tab, and then, in the dropdown box, locate and select “Send LM & NTLM – user NTLMv2 session security if negotiated”.

    Now click the OK button, and then finally, you may close the Group Policies Editor window.

    We also had a similar issue before:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/d74eb1c2-7b67-4b51-87d5-f7e02e6968a7/an-error-occurred-while-reconnectingthe-local-device-name-is-already-in-use-the-connection-has

    Regards

    Ted


    • Marked as answer by Ted Xie Tuesday, July 9, 2013 3:45 AM
    • Edited by Ted Xie Tuesday, July 9, 2013 3:52 AM modify
    Tuesday, July 9, 2013 3:35 AM
  • Hi,

    I'm sorry for my delay.

    We will mark it as ‘Answered’ as the thread has been a long time.

    If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    Thanks for your understanding and efforts.

    Ted

    • Proposed as answer by wrbrownlie Monday, August 25, 2014 6:38 AM
    • Unproposed as answer by wrbrownlie Monday, August 25, 2014 6:39 AM
    Tuesday, July 9, 2013 3:44 AM
  • Hi,

    I have found that the below method has worked for me:

    Right click on the vpn's .pbk file and open it with notepad. (Remember to untick 'Always use this program for this file type')

    Roughly 5 lines down will be an entry 'UseRasCredentials=1'

    Change this to 'UseRasCredentials=0'

    Save the file.

    Connect to the VPN and check the credentials manager. There should be no 'Session' credential entry listed anymore.

    Cheers,

    Billy

    • Proposed as answer by wrbrownlie Monday, August 25, 2014 6:50 AM
    Monday, August 25, 2014 6:45 AM
  • Hi!

    Thank you very much.

    Exactly  what I need to solve my problem!!!

    Regards,

    Andrei

    Tuesday, January 12, 2016 1:27 PM
  • Wow - this worked for me 100% and will fix issues that have been going on for ages for our remote VPN users.

    Thank you very much!

    PS pbk files are found here: %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK

    Thursday, May 4, 2017 12:19 PM
  • This works, thank you! Just tested on Windows 10 1803
    Wednesday, October 10, 2018 6:17 AM
  • Great solution.  Works a treat.  You're a life saver!
    Friday, January 10, 2020 6:35 AM