
Can a password be changed remotely through a VPN?

We have users working from home. They access the corporate network using cached logins via dial-up ISPs, and then use VPN (using Check Point VPN-1). The problem is that when a user's password expires on the domain, the user can no longer use remote access until he/she comes into the office and logs into the domain. Is there a mechanism to change a password after you have logged in (using the cached login)?

I think you have correctly identified the problem: the clients are using a cached password; they don't have a current domain logon. Here's what might be happening: the client is looking for the name of the primary domain controller (PDC) emulator in the domain and wants to establish an RPC (remote procedure call) connection with the Local Security Authority (LSA) on the PDC emulator. By default, LSA has no endpoint mapped for TCP/IP -- it works with named pipes. Clients logged onto the domain have no problem making a named pipes connection and changing their passwords. (Therefore, your folks go to the office and can do so -- they are logging on to the domain.)

So, what can we do? Well, there is a registry tweak that you can try. However, remember all the dire warnings about modifying the registry and all that -- have a backup, etc. -- then change the registry on the PDC emulator in the domain. (Find the PDC emulator by using the netdom query FSMO command.) The registry key is: HKLM\System\CurrentControlSet\Control\LSA. Add a value called TCPIPClientSupport with a data type of REG_DWORD and give it a value of 1. Then restart the PDC emulator.

I am told this value is case sensitive. You can read more about this problem by looking at KB article 236111. I don't know if there will be a problem with this over Check Point VPN-1. Let me know if this solves your problem.

This was last published in January 2003
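
The registry change described in the answer above, written out as an added PowerShell example that is not part of the original answer. It assumes an elevated session on the PDC emulator with netdom available; the -Apply switch and the backup path are this example's own names. Without -Apply it only reports the current state.

```powershell
# Added example, not from the original answer. Run elevated on the PDC emulator.
# Audit-first: reports the current state and writes only when -Apply is given.
param(
    [switch]$Apply,                                          # hypothetical switch name
    [string]$BackupPath = "$env:TEMP\lsa-key-backup.reg"     # assumed backup location
)

$regPath   = 'HKLM:\System\CurrentControlSet\Control\LSA'
$valueName = 'TCPIPClientSupport'   # exact casing kept, as the answer advises

# Show which domain controller holds the PDC emulator role.
netdom query fsmo | Select-String -Pattern 'PDC'

# Report the current value and its registry type, if the value exists.
$current = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
if ($current) {
    $kind = (Get-Item -Path $regPath).GetValueKind($valueName)
    Write-Output "$valueName is present: $($current.$valueName) ($kind)"
} else {
    Write-Output "$valueName is not set"
}

if (-not $Apply) {
    Write-Output 'Audit only; rerun with -Apply to write the value.'
    return
}

# Back up the key before changing it, and stop if the backup fails.
reg export 'HKLM\System\CurrentControlSet\Control\LSA' $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupPath failed; no change made." }

# Create (or overwrite) the value as REG_DWORD = 1.
New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Verify both the data and the type that were written.
$after = (Get-ItemProperty -Path $regPath -Name $valueName).$valueName
$kind  = (Get-Item -Path $regPath).GetValueKind($valueName)
if ($after -ne 1 -or $kind -ne 'DWord') {
    throw "$valueName did not verify (value=$after, type=$kind)."
}
Write-Output "$valueName set to 1 (REG_DWORD). Backup: $BackupPath"
Write-Output 'Restart the PDC emulator for the change to take effect.'
```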
