Jan 26 2022 08:35 AM
VPN connections on Windows have UseRasCredentials option which allow user on non-domain machine work with domain resources using his/her VPN credentials
Under the hood, when this option is enabled, Windows creates stored credentials for a VPN session:
cmdkey /list
Currently stored credentials:
Target: Domain:target=*Session
Type: Domain Password
User: dom\username
Saved for this logon only
We found that on machines with latest updates installed it doesn't work and users aren't able to connect to domain resources (File shares, SQL servers) even when they connected to VPN with their domain credentials
To prove that it's related to latest updates, we launched an old VM (windows 10.0.17763.1577) and everything is working like a charm.
But on new VMs, created from Azure images "Windows 10 Pro 20H2 -Gen1" and "Windows 10 Enterprise 2019 LTSC - Gen1" when user connected to VPN, cmdkey /list not showing credentials for Target: Domain:target=*Session and users aren't able to work with on-prem resources.
As workaround we manually added credentials with
cmdkey /add:Domain:target=* /user:dom\username /pass
where Domain is an exact word "Domain" and dom\username- user login, domain resources became accessible over VPN from non-domain machine.
We also checked rasphone.pbk files (AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk) and it have UseRasCredentials=1
Thanks
Feb 07 2022 08:33 AM
Feb 07 2022 08:52 AM
As workaround we manually added credentials with
cmdkey /add:Domain:target=* /user:dom\username /pass
where Domain is an exact word "Domain" and dom\username- user login.
It works well unless user change the password - in that case stored credentials need to be manually updated. And of course it's insecure - we need to have credentials stored locally on remote machine.
Thanks
Feb 08 2022 02:58 AM
Thanks for the update. Really odd that future updates haven't corrected the issue but great that there's a workaround. If I figure out the cause/a fix, I'll let you know.
Feb 11 2022 07:13 AM
Feb 25 2022 07:29 AM
How do I find the "December working assembly" to replace the current one? My tech does not know how to do this, and Dell wants to rebuild my OS completely. According to this chain, that will spend a huge amount of time and won't fix the problem.
Feb 25 2022 02:07 PM
We take this file from the same version of the system with a full update for December.
Mar 05 2022 12:27 PM
I have finally found someone with this problem ! Fortunately most of my users have domain joined computers so no issues. Still I would like to know if this will get fixed or it is gone forever. Please Microsoft.
Mar 05 2022 12:38 PM - edited Mar 06 2022 05:12 PM
Did you finally fix that issue? If yes, kindly respond. We are also facing the same issue.
Mar 07 2022 11:14 AM
May 16 2022 09:08 AM
This one is starting to get old - constantly back-reving the rasmans dll. Another update to rasmans just last week and still the issue persists. Has there been any acklowedgement by MS that this is a bug that will get fixed anytime?
Mar 11 2023 09:27 AM