Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 1286 views
  • Users 0 members are here
Options
Suggested

Windows Homedrive - mounting fails due to delayed firewall authentication

LHerzog

When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not yet authenticated at the firewall when Windows tries to mount the homedrive at a very early stage of login.

The homedrive is a user attribute in AD, it would not be a workaround to use a start script with delay, because this would mount the share but will not set the attribute.

Is there a known workaround except removing the user authentication requirement?

Endpoints are Win10/11 with Intercept-X

SFOS 20.0.1

Support Case: 07464298



Edited TAGs
[edited by: Raphael Alganes at 11:21 PM (GMT -7) on 5 Aug 2024]
Parents
  • 0
    LHerzog said:
    The homedrive is a user attribute in AD, it would not be a workaround to use a start script with delay, because this would mount the share but will not set the attribute.

    Can you explain what you mean by this? Particularly "but will not set the attribute".

    Are you mapping the Home drive through the AD 'Home folder' attribute? Have you tried mapping it with a GPO instead?

    I haven't tried this as a solution as we don't use Home folders but we do use user authentication for access to other GPO mapped drives and it works, so I don't see why the Home mapping should be any different if done by GPO.

    It isn't perfect as you can't access the drives for about thirty seconds after logging on but the drives are mapped and access works fine after that.

    We also get the delay logging in. Not minutes but I usually have to wait about thirty seconds after the login prompt before I try and login.

  • 0 in reply to JasP

      it's like you said: GPO mapping of drives is no issue - they will be available after a short time and the drive is mounted.

    But if you set this, it is not the same as a standard drive mount.

    (screenshot taken from google)

    We have apps that read the attributes here:

    and want to use them.

  • 0 in reply to LHerzog

    Maybe set H: using GPO and read H: UNC-path within loginscript and write to homeDirectory Attribute?
    What kind of Software uses that AD-Attribute? I'd rather look for another solution within that software.

    At least as server stored userprofles getting more and more outdated and being replaced with fslogix...
    I think you will not build your whole it-concept around one specific (old?) software, that uses legacy windows functions/attributes?

Reply
  • 0 in reply to LHerzog

    Maybe set H: using GPO and read H: UNC-path within loginscript and write to homeDirectory Attribute?
    What kind of Software uses that AD-Attribute? I'd rather look for another solution within that software.

    At least as server stored userprofles getting more and more outdated and being replaced with fslogix...
    I think you will not build your whole it-concept around one specific (old?) software, that uses legacy windows functions/attributes?

Children
No Data
Unfiltered HTML