@Mike-Davis said in MS VPN connection; Account locked:

@JaredBusch said in MS VPN connection; Account locked:

@scottalanmiller said in MS VPN connection; Account locked:

To sign into the domain, your VPN goes up first. To sign into the laptop, you sign in cached and then fire up the VPN. There is a reason that VPN-first systems like OpenVPN, Pertino, ZeroTier, etc. are so important. They let you do things like central revocation because they always get updates from AD.

Correct. this is the problem. always.

How does that work when they are on a wifi connection that doesn't connect until after they log in to their laptop?

You have cached creds for that. Log in, connect, reboot.

@thwr said in Simple guide to diagnosing Account Lockouts:

Locked AD accounts due to bad passwords
https://mangolassi.it/topic/9709/monitoring-ad-users/12

Thanks. I added the link to the comment section on the article.