Windows SSO does not work when using VPN or Dial-Up connections

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth Idp Version affected:  All



    When users that are connected using some form of Windows RAS (Remote Access Server) connection such as dial-up, VPN or a USB data dongle (GPRS, 3G, 4G etc.) attempt to use a realm with Windows Single Sign-On enabled, it will fail and a Windows credentials prompt will be displayed.



    This typically happens if the username and/or password used for the RAS connection differs from the users domain credentials. 

    By default, Windows always uses the RAS connection credentials for automatic logon/Windows SSO instead of the credentials used to interactively log on to the machine. 



    1. Open the following file in a text editor:

    %USERPROFILE%\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk    (Usually rasphone.pbk)

    2. Find the line:

    and change it to:

    3. Save the file.


    Special Considerations:  

    It may be necessary to first disconnect the RAS connection before altering the file above.

    Some devices install their own software to initiate and manage the connection.  Such software may overwrite the .pbk file each time a connection is initiated, thus undoing any changes made, this is particularly prevalent with USB dongles.  If this happens then a connection should be manually created from the Network and Sharing Center and used to initiate and manage the connection instead of the software supplied.


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.