KNOWN ISSUE: Nested domain user cannot authenticate a remote control session to Vista
|Article:TECH45415|||||Created: 2009-09-29|||||Updated: 2010-10-25|||||Article URL http://www.symantec.com/docs/TECH45415|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
"Invalid login. Please try again." error appears after providing Active Directory credentials to initiate a remote control session to a Vista computer.
The user specified belongs to an Active Directory global security group, and that group belongs to the security group which is specified in the host configuration policy. In other words, the user is nested indirectly in a group below that which is specified in the configuration policy.
For example, the user is directly a member of "Lower Level Group". In Active Directory Users and Computers, the "Lower Level Group" is a member of (or managed by) another group "Higher Level Group". The pcAnywhere Solution host configuration policy defines the Active Directory group named "Higher Level Group" as a valid caller.
pcAnywhere Solution 12.5 or pcAnywhere Solution 12.5 SP1
Active Directory with nested groups
Vista client computers
There was an issue in the component which provides Active Directory authentication, adsauth.dll.
This issue is resolved in Service Pack 2 of pcAnywhere: https://kb.altiris.com/article.asp?article=50630&p=1
If you are unable to update at this time, you will need to apply the attached fix files.
Attached to this Knowledge Base article is a file named ADS_Auth_Vista.zip. The zip file contains two files:
- adsauth.dll version 126.96.36.1991, which resolves this issue.
- Readme.txt, which has instructions for applying the fix. Note that the fix is for computers running the SP1 version of the pcAnywhere Solution plug-in (Symantec pcA Agent version 12.5.415).
In addition to the fix, there are some work-arounds:
- Use Active Directory without nested groups (add users directly into the group defined in the host configuration policy).
- Use pcAnywhere or NT authentication.
Logged in Etrack (Symantec) database
Article URL http://www.symantec.com/docs/TECH45415