Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 7961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Syncronize over VPN

aaronford

Hopefully this is an easy one...

When my end users are working over a VPN, the credentials aren't syncronizing.  Whether the user signs thru sophos using their account and old password, or an admin account/POA, then forcing syncronization, upon reboot, sophos still isn't accepting the new AD password.

My current workaround, is haivng them come into an office, and syncronizing.  However, it seems this should work when they are connected via the VPN.

Any help would be greatly appreciated.

:42185


This thread was automatically locked due to age.
Parents
  • 0

    Hallo,

    your statement "sophos still isn't accepting the new AD password" lets me believe that you change the AD password e.g. in the domain or with the Windows Credential Provider (or in an alternative Windows application like Outlook). This is not possible. All password changes have to happen on the client using the SafeGuard Enterprise Credential Provider.

    This is because to change the password in the POA, SGN needs to have both, the old and the new password in memory. The old one is needed to de-crypt the certificate in the POA, the new one to re-encrypt the certificate again. Only then will the new password be the correct one in the POA after the next reboot.

    More information can be found here: http://www.sophos.com/en-us/support/knowledgebase/117256.aspx

    :42542
Reply
  • 0

    Hallo,

    your statement "sophos still isn't accepting the new AD password" lets me believe that you change the AD password e.g. in the domain or with the Windows Credential Provider (or in an alternative Windows application like Outlook). This is not possible. All password changes have to happen on the client using the SafeGuard Enterprise Credential Provider.

    This is because to change the password in the POA, SGN needs to have both, the old and the new password in memory. The old one is needed to de-crypt the certificate in the POA, the new one to re-encrypt the certificate again. Only then will the new password be the correct one in the POA after the next reboot.

    More information can be found here: http://www.sophos.com/en-us/support/knowledgebase/117256.aspx

    :42542
Children
No Data
Unfiltered HTML