KNOWN ISSUE: Nested domain user cannot authenticate a remote control session to Vista

Article:TECH45415  |  Created: 2009-09-29  |  Updated: 2010-10-25  |  Article URL http://www.symantec.com/docs/TECH45415
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



"Invalid login. Please try again." error appears after providing Active Directory credentials to initiate a remote control session to a Vista computer. 

The user specified belongs to an Active Directory global security group, and that group belongs to the security group which is specified in the host configuration policy.  In other words, the user is nested indirectly in a group below that which is specified in the configuration policy.

For example, the user is directly a member of "Lower Level Group".  In Active Directory Users and Computers, the "Lower Level Group" is a member of (or managed by) another group "Higher Level Group".  The pcAnywhere Solution host configuration policy defines the Active Directory group named "Higher Level Group" as a valid caller.
 


Environment



pcAnywhere Solution 12.5 or pcAnywhere Solution 12.5 SP1
Active Directory with nested groups
Vista client computers


Cause



There was an issue in the component which provides Active Directory authentication, adsauth.dll.


Solution



This issue is resolved in Service Pack 2 of pcAnywhere:  https://kb.altiris.com/article.asp?article=50630&p=1

If you are unable to update at this time, you will need to apply the attached fix files.

Attached to this Knowledge Base article is a file named ADS_Auth_Vista.zip.  The zip file contains two files:

  1. adsauth.dll version 12.5.0.551, which resolves this issue.
  2. Readme.txt, which has instructions for applying the fix.  Note that the fix is for computers running the SP1 version of the pcAnywhere Solution plug-in (Symantec pcA Agent version 12.5.415).


In addition to the fix, there are some work-arounds:

  • Use Active Directory without nested groups (add users directly into the group defined in the host configuration policy).
  • Use pcAnywhere or NT authentication.

 


Attachments

ADS_Auth_Vista.zip (48 kBytes)

Supplemental Materials

SourceDEFECT
ValueETK 1821060
Description

Logged in Etrack (Symantec) database


Legacy ID



49333


Article URL http://www.symantec.com/docs/TECH45415


Terms of use for this information are found in Legal Notices