Cannot push clients - Failed to connect using machine account

After restoring SCCM from old x86 server to new x64 server I cannot install clients.
Current version is SCCM 2007 SP2 without R2. SCCM is in mixed mode, SCCM was installed to SAME path, was successfully restored from backup using "ConfigMgr Site Repair Wizard".
But new clients cannot be installed now.
The following is in ccm.log:
"---> Warning: no remote client installation account found $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=3936 (0xF60)>
---> Attempting to connect to administrative share '\\computername\admin$' using machine account.~ $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=3936 (0xF60)>
---> Failed to connect to \\computername\admin$ using machine account (1203) $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=2900 (0xB54)>"
Account used for push install is present in "Domain Admins" group and can reach this share from SCCM server using explorer or file manager.
Firewall service is stopped and disabled on target computers.
Searching through logs I was confused by this: "Warning: no remote client installation account found". It's impossible because account is present and set correctly both in "client push installation" and "computer client agent". Account was cleared and set again but warning is the same.
At last I found the problem. In the beginning of SMS_CLIENT_CONFIG_MANAGER initialization there is a string in the ccm.log:
"~WARNING: failed to encrypt account domain\account $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=2656 (0xA60)>"
I think that's the source of trouble. But I can't find the reason.
By the way, the same message is in policypv.log:
"~failed to encrypt network access accountdomain\account $$<SMS_POLICY_PROVIDER><Date Time Russian Standard Time><thread=3720 (0xE88)>"
It's exactly so in log, without space between "account" word and "domain\account"!
Any domain account I try to add for push installation appears in these logs with the same encrypt error!
Can anyone help please?
Thanks a lot!

We're having the EXACT same problem after our migration today from x86 --> x64.  Please tell me you've found a solution.  We're ready to revert to a snapshot tomorrow if we can't figure this out.
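A triage sketch for the log pattern in this thread, added here as an illustration and not posted by either participant: it parses the `$$<component><time><thread=...>` trailer, then checks whether "failed to encrypt account" warnings coincide with "no remote client installation account found" and a failed machine-account fallback. The function names are hypothetical, the sample is built from the lines quoted above, and the symbolic names for the Win32 codes (1203 = ERROR_NO_NET_OR_BAD_PATH) come from the standard Windows error table, not from the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: message texts are the lines quoted in the thread (ccm.log
# plus the one policypv.log line); "Date Time" is the poster's own placeholder.
SAMPLE_LOG = r"""
~WARNING: failed to encrypt account domain\account $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=2656 (0xA60)>
~failed to encrypt network access accountdomain\account $$<SMS_POLICY_PROVIDER><Date Time Russian Standard Time><thread=3720 (0xE88)>
---> Warning: no remote client installation account found $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=3936 (0xF60)>
---> Attempting to connect to administrative share '\\computername\admin$' using machine account.~ $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=3936 (0xF60)>
---> Failed to connect to \\computername\admin$ using machine account (1203) $$<SMS_CLIENT_CONFIG_MANAGER><Date Time Russian Standard Time><thread=2900 (0xB54)>
line cut off before its trailer (constructed, to exercise the unparsed path)
"""

# message text, then $$<component><timestamp><thread=decimal (0xhex)>
LINE_RE = re.compile(
    r"^(?P<msg>.*?)\s*\$\$<(?P<component>[^>]*)><(?P<when>[^>]*)>"
    r"<thread=(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)>\s*$"
)
# \s* (not \s+) because policypv.log prints "accountdomain\account" with no space
ENCRYPT_RE = re.compile(r"failed to encrypt (?:network access )?account\s*(\S+)", re.I)
NO_ACCOUNT_RE = re.compile(r"no remote client installation account found", re.I)
ATTEMPT_RE = re.compile(
    r"Attempting to connect to administrative share '([^']+)' using machine account", re.I
)
FAILED_RE = re.compile(r"Failed to connect to (\S+) using machine account \((\d+)\)", re.I)

# Standard Win32 error names (assumption: not stated in the thread).
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    53: "ERROR_BAD_NETPATH",
    1203: "ERROR_NO_NET_OR_BAD_PATH",
}


@dataclass
class Triage:
    encrypt_failures: list = field(default_factory=list)   # (component, account)
    no_push_account: int = 0
    machine_attempts: set = field(default_factory=set)     # shares tried via fallback
    machine_failures: list = field(default_factory=list)   # (share, code, name)
    unparsed: int = 0

    @property
    def credential_store_suspect(self):
        # Accounts are configured, yet the site cannot encrypt them and then
        # reports none available: points at the site's stored credentials,
        # not at the target machine's share or firewall.
        return bool(self.encrypt_failures) and self.no_push_account > 0


def parse_line(raw):
    """Return (component, thread_id, message) or None if the trailer is missing."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    msg = m["msg"].strip().strip("~").strip()   # "~" is a line-break marker in these logs
    msg = re.sub(r"^-+>\s*", "", msg)           # drop the "--->" indent arrow
    return m["component"], int(m["tid"]), msg


def triage(lines):
    report = Triage()
    for raw in lines:
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            report.unparsed += 1
            continue
        component, _tid, msg = parsed
        # Attempt and failure are logged on different threads in the thread's
        # excerpt (3936 vs 2900), so correlate on the share path, not thread id.
        if (m := ENCRYPT_RE.search(msg)):
            report.encrypt_failures.append((component, m.group(1)))
        elif NO_ACCOUNT_RE.search(msg):
            report.no_push_account += 1
        elif (m := ATTEMPT_RE.search(msg)):
            report.machine_attempts.add(m.group(1).lower())
        elif (m := FAILED_RE.search(msg)):
            code = int(m.group(2))
            report.machine_failures.append(
                (m.group(1), code, WIN32_NAMES.get(code, "unknown"))
            )
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG.splitlines())
    for component, account in r.encrypt_failures:
        print(f"[{component}] could not encrypt stored account {account}")
    for share, code, name in r.machine_failures:
        via = "after fallback" if share.lower() in r.machine_attempts else "no attempt seen"
        print(f"machine-account connect to {share} failed: {code} {name} ({via})")
    print("credential store suspect:", r.credential_store_suspect)
    print("unparsed lines:", r.unparsed)
```
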

Similar Messages

  • NTLM authentication fails to connect using webdav on osX

    We are having problems in our organization getting our macs connected via webdav using NTLM authentication.
    Our structure is as follows:
    Netapp/IBM nSeries gateway/filer model n6040 which is our FTP/CIFS/Webdav host.
    Windows Server 2008 R2 Domain Controller with Active Directory
    Windows 7, Mac osX clients (various versions).
    From the windows side, we are able to connect to our filer via FTP, CIFS, and http/Webdav after we authenticate using our AD credentials.  From the Mac side, we can authenticate and connect to our filer using FTP, CIFS (using Connect to Server "smb://ourfiler.com") and through a browser using the address of http://ourfiler.com.  This type of connection using webdav works with Firefox but not using Safari or Chrome but isn't adequate enough for our users since the browser based connection is read only.  However, when we try to Connect to Server via webdav using our server address of http://ourfiler.com:80, we never get past the "Enter your name and password for the server "ourfiler.com." 
    We tried a third party webdav client on our macs: Cyberduck, which also fails to connect using webdav.   We also tried a separate linux client and were able to connect without any problems.
    Since authentication for webdav works on windows and linux, we're thinking there is a problem with osX itself.  Has anyone else had this problem or can anyone suggest any workarounds/solutions?

    Sorry for the late replies gentlemen... for some reason I didn't get email alerts when you guys posted....
    Anyways, yes the DC is on a different subnet and no we don't have WINS.  The way I understand it is the client will contact the master browser in its local subnet... all the master browsers in all other subnets contact the Domain master browser ...
    and they share the server list this way... I mean it's a little more complicated than that....well to me at least...
    Can you try resolving the short name with the domain controller being on another subnet and you having a different master browser in your client subnet?
    What is the process the client goes through when looking up Domain netbios name?  Like for DNS, it's straightforward... the client looks at DNS server, then for the SRV records for the Site the client is in and gets domain controller.......   How
    does this work for netbios domain name?  There is NO WINS in the environment.
    Chau

  • Anyconnect Failed to Connect using WEBVPN on IOS Router 2800 Series

    Hi All,
    Kindly need your help. I was trying to build a Remote Access VPN connection in my lab environment. The components are Router 2811 with (c2800nm-advsecurityk9-mz.124-22.T5.bin), Anyconnect Client ( anyconnect-win-3.1.05160-k9.pkg ), Laptop ( Firewall and Antivirus disabled, already registered webvpndomain.com in the hosts file on Win32/Driver/Etc ).
    I was able to connect using anyconnect if I initiate the connection via web (https://webvpndomain.com) and start tunnel connection SVC. I'm also able to reach my LAN and I get my private IP Address assigned by my vpn pool on the router. The problem is when I initiate the connection to vpn directly from the computer, I mean I'm not using web (https://webvpndomain.com) and I just press "connect" on my anyconnect software that is already installed on my Laptop, the connection always fails. I get error message : Connection attempt has failed
    Here I'm also attaching my router configuration, so you can see what I've done or what mistake I've made in the configuration.
    Has anybody here experienced this problem when deploying Remote Access VPN using webvpn and anyconnect as vpn client ?
    I really appreciate anybody that gets into this discussion
    Best Regards,
    Nanda

    Try using webvpndomain.com/myVPNGW as host

  • Cannot send email in mail app. using POP account with Wi-Fi

    I recently moved to an apartment that only has wireless internet access. Since moving I cannot send email using my POP account, although I can receive email. I was also not able to receive email using my .mac account, but I learned through this forum to change server port to 587 in .mac account and now I can send via .mac account in mail app. But I still cannot send email with mail app. using my POP account. I changed no settings when I moved, and have never had this problem with cable. Any suggestions?

    It all depends on the policy of whoever is the ISP at your new location and the method used by the outgoing (SMTP) server to determine whether you’re a legitimate user.
    In an attempt to fight spam, many ISPs restrict the ability to send using an outgoing (SMTP) server not owned by them, usually by blocking port 25 for all traffic outside their own network, which means you cannot send with an SMTP server not owned by them if configured to use that port number. And it may happen the other way around as well, i.e. the outgoing server itself may look at the IP address you’re connecting from and refuse the connection if you’re outside its own network.
    Something that often works is changing the outgoing server port to 587 (or whatever alternate port number the outgoing server listens to) instead of 25 and using some form of authentication in Preferences > Accounts > Account Information > Outgoing Mail Server > Server Settings, but two conditions must be satisfied for this change to work: (1) the ISP must not block that port as well AND (2) the outgoing server in question must listen to that port and accept a form of authentication not based on the IP address you’re connecting from.
    Independent mail service providers not tied to a particular ISP, such as .Mac and Gmail, do allow authenticated SMTP access on port 587, which is the reason changing the outgoing server port number solves the problem for them if the ISP doesn’t block that port as well.
    The following article, for example, describes several ways to address this issue in the case of .Mac, but can be useful for other mail accounts as well (not just .Mac), and applies to all versions of Mac OS X (not just Mac OS X 10.4.2 and earlier as the article states):
    .Mac: Server timeout alert message when sending email

  • 12 Core Mac Pro client fails to connect to xsan

    Dear all, hopefully someone can shed some light on this problem.
    We have an xsan system running with clients and MDCs running 10.6.6, XSAN 2.2.1. We have just purchased a new 12 core Mac Pro but we cannot get the machine connected as a client. XSAN admin sees the machine, but fails to write the configuration files on the client. We have tried running the client in 32 and 64 bit modes.
    Has anybody else had the same problem? We do have one other 64 bit 8 core Mac Pro (early 2009) client connected without a problem.
    Any advice would be gratefully received.
    Richard

    Problem solved. Someone had unplugged the metadata ethernet cable!

  • Iphone 5 Email client fails when connecting to server with certs signed by personal CA

    My mail resides on my own server with its own private CA that was used to sign the email server cert.
    I used sendmail and CA and certs were created with below commands:
    CA -newca
    openssl req -newkey rsa:1024 -nodes -keyout sendmail_req.pem -out sendmail_req.pem
    openssl ca -out sendmail_cert.pem -infiles sendmail_req.pem
    Before I switched to iphone 5 I had Iphone 3s and all worked fine.
    I would get a notification: cannot verify server identity, but after clicking continue all would work fine.
    The client would connect on port 993 to receive email and on port 587 to send.
    Now on iphone 5 I get error: Cannot verify Server Identity with no prompt to accept the cert.
    Is there any work around for it?
    I tried to export the cert from I mac and import to iphone but still no luck.
    It looks like since iphone 4 the certs not issued by legal CA's don't work?
    thx

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since Iphone 4 apple does not accept unknown CA Authorities.

  • Error pushing client "Failed to get DP locations as the expected version from MP...."

    I am new at SCCM.  installed 2012 R2 and SQL 2012 R2 on a single server.   I created a boundary and a boundary group and ran discover on my AD.  I am trying to push the client to a couple of discovered PCs.  I resolved an issue with a
    permissions error accessing the \admin$ share, but now I'm getting "Failed to get DP locations as the expected version from MP servername..."
    I'm seeing this in the client ccmsetup.log
    I've tried everything I can think of and still can't fix it.   I have checked my DP and it was set to HTTP.   Can anyone help offer some suggestions?
    Thanks

    The error means the expected version of Client Package cannot be got from DP. Please update Client Package from Package Node in SCCM Console, then observe the distmgr.log to make sure the updated pkg has been distributed to DP, then try again.
    Juke Chou
    TechNet Community Support

  • Security Services Client fail on fast using AP autonomous

    Hi,
    I have a wireless network using Controller on some sites and AP autonomous on others. I'm using EAP leap and FAST with wpa(tkip), and I have ACS. So the problem is that using CSSC with eap-fast, authentication fails on autonomous. leap works fine, and on light aps it works fine. I tried another client on laptop (Dell wireless WLAN card utility) and eap-fast works fine on AP-autonomous and light.
    Any ideas?

    Looks like the instance is not up.
    Ensure the database instance is up and running. if not "startup" and then try your jdbc client connection.

  • Win 7 Pro 64 occasionally fails to connect using IKEV2 to Win2008R2 Routing and Remote Access server

    I'm a networking guy and having this troubling VPN issue that I can't find.
    I have a number of VPN connections from my Win7Pro 64 PC to various customers.  Their end points are all Windows Routing and Remote Access on Windows 2008R2 STD servers.
    Every once and a while I will hang at Verifying User ID and Password and eventually get  ERROR 809. Change the security type on my VPN connection from IKEV2 to PPTP - never an issue, connects in right away.
    I can also try from another PC (at the same or alternate location) to get into that same server using the same credentials and access - no issue using either IKEV2 or PPTP.
    This has happened at various times to various customers. Here is what I know it is not:
    - Not the local or remote routers or Firewalls since I can always get in from other PC's going through the same network. Even so, tried rebooting all several times
    - Not an ISP issue at either end since I can always get into other IKEV2 servers from the same PC and from other PC's to the server I can't from my PC.
    This leads to the only logical conclusion.  It is something to do with my Win7Pro 64 PC but for the life of me I cannot find it.
    I have obviously tried rebooting the Win7Pro PC. I have also tried recreating the VPN connection several times. Nothing.
    Help!

    Hi,
    I know that you've mentioned that it is not a issue about firewall or router settings, but this error usually comes when some firewall between client and server is blocking the ports used by VPN tunnel.
    so to allow IKEv2 traffic, please make sure to configure the network firewall to open UDP ports 500 and 4500, and to allow IP protocol 50.
    If that is not possible, deploy SSTP based VPN tunnel on both VPN server and VPN client – that allows VPN connection across firewalls, web proxies and NAT
    You can refer to this blog
    http://blogs.technet.com/b/rrasblog/archive/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through.aspx
    Regards
    Yolanda
    TechNet Community Support

  • Java client failing to connect to web service - help!!

    Hi
    I have created a Web service using ASP Web Matrix, which currently resides on my C drive in c:\Service6\HelloWorld.asmx.
    The service can be tested from a browser on my local machine by calling: http://localhost/Service6/HelloWorld.asmx. This works fine, i.e. it takes a string as a parameter and returns an amended string.
    When I try to access this from a Java client I created in Netbeans, however, I get the following error message:
    Server did not recognize the value of HTTP Header SOAPAction: sayHiya.
    at System.Web.Services.Protocols.Soap11ServerProtocolHelper.RouteRequest()
    at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
    at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
    Can anyone advise what I am doing wrong?
    [nb. I have spent over a week trying to sort this, so I have tried!!)
    The code for the client follows:-
    // The Axis package is used to generate and handle the SOAP call
    import org.apache.axis.client.Call;
    import org.apache.axis.client.Service;
    import org.apache.axis.encoding.XMLType;
    // The rpc package is used to create the RPC call
    import javax.xml.namespace.QName;
    import javax.xml.rpc.NamespaceConstants;
    // The java.net package gives a URL class
    import java.net.URL;
    public class HelloWorldClient {
        /** Creates a new instance of HiyaClient */
        public static void main(String[] args) {
            try {
                String endpoint = "http://localhost/Service6/HelloWorld.asmx";
                Service service = new Service();
                Call call = (Call) service.createCall();
                // Configure the call
                call.setTargetEndpointAddress(new URL(endpoint));
                call.setSOAPActionURI("sayHello");
                call.setEncodingStyle(NamespaceConstants.NSURI_SOAP_ENCODING);
                call.setOperationName(new QName("urn:HelloWorld", "sayHello"));
                //call.setReturnType(XMLType.XSD_STRING);
                System.out.println("**Works to here**");
                //Invoke the call
                String result = (String) call.invoke(new Object[] { "Diane" });
                System.out.println("Sent 'Diane', got '" + result + "'");
            } catch (Exception e) {
                System.err.println(e.toString());
            }
        }
    }

    Hiya, did try that - tried
    "http://localhost:8080/HelloWorld.asmx" and
    "http://localhost:8080/Service6/HelloWorld.asmx" and it still didn't work.
    Thanks anyway.
    Anyone else got any bright ideas?

  • Toplink fails to connect using Datasource

    I'm deploying an EJB project using Toplink persistence to Oracle AS 10.1.3.1 and have defined a datasource/connection pool as:
    <managed-data-source name="OAS_Oracle_Datasource"
    connection-pool-name="My_Connection_Pool"
    jndi-name="jdbc/OAS_Oracle_Datasource"/>
    <connection-pool
         name="My_Connection_Pool"
         min-connections="3"
         max-connections="10">
    <connection-factory factory-class="oracle.jdbc.pool.OracleDataSource"
    user="joeuser"
    password="joepasswd"
    url="jdbc:oracle:thin:@dbserver:dev01">
    </connection-factory>
    </connection-pool>
    Once deployed I can test the datasource/connection pool successfully from the admin GUI. I can also access the database from an external client using the same connection parameters. However, I see this stack trace in log.xml:
    Exception [TOPLINK-4002] (TopLink (Oracle OC4J CMP) - 10g Release 3 (10.1.3.1.0) (Build 061004)): oracle.toplink.exceptions.DatabaseException
    Internal Exception: java.sql.SQLException: Io exception: The Network Adapter could not establish the connectionError Code: 17002
         at oracle.toplink.exceptions.DatabaseException.sqlException(DatabaseException.java:276)
         at oracle.toplink.internal.ejb.cmp.oc4j.Oc4jNonJtaConnector.connect(Oc4jNonJtaConnector.java:49)
         at oracle.toplink.sessions.DatasourceLogin.connectToDatasource(DatasourceLogin.java:147)
    <SNIP>
         at java.lang.Thread.run(Thread.java:595)
    Caused by: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
         at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:138)
    <SNIP>
         at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:608)
         at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:218)
         at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:114)
    <SNIP>
         at oracle.oc4j.sql.ManagedDataSource.getConnection(ManagedDataSource.java:197)
         at oracle.oc4j.sql.ManagedDataSource.getNonTransactionalConnection(ManagedDataSource.java:167)
         at oracle.oc4j.sql.ManagedDataSource.getNonTransactionalConnection(ManagedDataSource.java:153)
         at oracle.toplink.internal.ejb.cmp.oc4j.Oc4jNonJtaConnector.connect(Oc4jNonJtaConnector.java:44)
         ... 27 more
    Anyone run into this problem? If so please share your fix.
    Thanks,
    Gerald

    OK, a little more light shines on this mystery...
    It turns out that the deployer-generated orion-ejb-jar.xml was using a data-source attribute pointing at the jdbc/OracleDS datasource in the default application, which OAS creates during install. Of course this wasn't set to anything in particular, and if Toplink is using this behind the scenes it wouldn't connect.
    Now the question is how do I get my datasource stuffed into the auto-generated orion-ejb-jar.xml data-source? Would be nice if there was a way to specify some Toplink datasource property in the orion-ejb-jar.xml before it gets processed by the deployer into its eventual resting place under application-deployments.
    Gerald

  • Connecting 3 machines as separate clusters using synchronized-site example

    I am trying to configure three machines as separate clusters and want to have replication between them. I followed the synchronized-site example and configured two machines successfully.
    For connecting the third machine, I am adding the remote address of the third machine in the remote-invocation-scheme of the other two machines and also defining a proxy-scheme for the third machine.
    I observed that in case of three machines the cache is getting replicated only between any two machines and not in the third machine. I am not able to identify the faulty node in the above mentioned setup.
    Please forward any information as to how to configure more than two nodes using the synchronized site example.
    P.S. Attaching the error log.
    Error Log:
    Map (india-cache): cache london-cache
    2009-07-23 18:46:43.350/593.493 Oracle Coherence GE 3.5/459 <D5> (thread=DistributedCache:LondonPartitionedCache, member=2): Service LondonPartitionedCache joined the cluster with senior service member 1
    2009-07-23 18:46:43.360/593.503 Oracle Coherence GE 3.5/459 <D5> (thread=DistributedCache:LondonPartitionedCache, member=2): Service LondonPartitionedCache: received ServiceConfigSync containing 258 entries
    <distributed-scheme>
    <!--
    no backups, since this is a replica
    -->
    <scheme-name>london-partitioned</scheme-name>
    <service-name>LondonPartitionedCache</service-name>
    <thread-count>4</thread-count>
    <backup-count>0</backup-count>
    <backing-map-scheme>
    <class-scheme>
    <class-name>com.tangosol.examples.extend.ExtendBackingMap</class-name>
    <init-params>
    <init-param>
    <param-type>com.tangosol.net.BackingMapManagerContext</param-type>
    <param-value>{manager-context}</param-value>
    </init-param>
    <init-param>
    <param-type>string</param-type>
    <param-value>RemoteCache</param-value>
    </init-param>
    <init-param>
    <param-type>string</param-type>
    <param-value>london-cache</param-value>
    </init-param>
    </init-params>
    </class-scheme>
    </backing-map-scheme>
    <autostart>true</autostart>
    </distributed-scheme>
    Map (london-cache): get done
    2009-07-23 18:46:56.980/607.123 Oracle Coherence GE 3.5/459 <Error> (thread=main, member=2):
    (Wrapped: Failed request execution for LondonPartitionedCache service on Member(Id=1, Timestamp=2009-07-23 18:36:39.152, Address=192.168.14.122:8088, MachineId=26234, Location=site:mcgrawhill.co.in,machine:TCS047891,process:4152, Role=CoherenceServer)) com.tangosol.net.RequestTimeoutException: request timed out after 10000 millis
    at com.tangosol.util.Base.ensureRuntimeException(Base.java:293)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.tagException(Grid.CDB:36)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.DistributedCache.onGetRequest(DistributedCache.CDB:40)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.DistributedCache$GetRequest.run(DistributedCache.CDB:1)
    at com.tangosol.coherence.component.util.DaemonPool$WrapperTask.run(DaemonPool.CDB:1)
    at com.tangosol.coherence.component.util.DaemonPool$WrapperTask.run(DaemonPool.CDB:32)
    at com.tangosol.coherence.component.util.DaemonPool$Daemon.onNotify(DaemonPool.CDB:69)
    at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:37)
    at java.lang.Thread.run(Thread.java:619)
    Caused by: com.tangosol.net.RequestTimeoutException: request timed out after 10000 millis
    at com.tangosol.coherence.component.net.extend.message.Request$Status.waitForResponse(Request.CDB:58)
    at com.tangosol.coherence.component.net.extend.Channel.request(Channel.CDB:20)
    at com.tangosol.coherence.component.net.extend.Channel.request(Channel.CDB:1)
    at com.tangosol.coherence.component.net.extend.RemoteNamedCache$BinaryCache.get(RemoteNamedCache.CDB:11)
    at com.tangosol.util.ConverterCollections$ConverterMap.get(ConverterCollections.java:1522)
    at com.tangosol.coherence.component.net.extend.RemoteNamedCache.get(RemoteNamedCache.CDB:1)
    at com.tangosol.coherence.component.util.SafeNamedCache.get(SafeNamedCache.CDB:1)
    at com.tangosol.util.ConverterCollections$ConverterMap.get(ConverterCollections.java:1522)
    at com.tangosol.examples.extend.ExtendBackingMap.get(ExtendBackingMap.java:320)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.DistributedCache.onGetRequest(DistributedCache.CDB:25)
    ... 6 more
    Map (london-cache): get tcs
    null
    Map (london-cache):
    Edited by: user11285641 on Jul 23, 2009 7:58 AM

    Thanx a lot for your suggestion.
    I have implemented Push Replication pattern to connect three machines in the hub-spoke model. But I am facing another problem.
    I want replicate the message (or cache data) at any one of the listeners across all the listener nodes. My hub publisher is taking care of that. But how to get the message from the listener site to the hub in the first place?
    I read somewhere about the active-active configuration of the Push Replication pattern, but am unable to implement it.
    Will it suit my purpose? Any suggestions would be helpful.
    Regards,
    Arunava

  • Mail app intermittently fails to connect - internet accounts preferences cannot connect, then unable to verify name or password. Why?

    Running 10.10.2 on early 2011 MBP, 8 GB RAM.
    Mail app intermittently fails to connect - message: internet accounts preferences cannot connect, then unable to verify name or password.  No problem with iPhone to connect same 3 accounts. Have run Disk Utility and rebooted. What is happening?

    Same issue, too.  But I have nothing better to do than try to fix Apple problems that appear mysteriously and randomly; I'm sure you're the same way.
    The REAL REASON, which can no longer be overlooked, is that Apple's (probably underpaid sweatshop Chinese) employees build toys for grown-ups and do little more than that.  I wish I had never bought my Mac (2009) since few things about Apples are "intuitive" unless you've been an Apple cultist since Jobs introduced the first Mac.  Oh, and because things mysteriously stop working, something I don't recall happening with any of the PCs I've owned. 
    Apple's version of Excel is a total joke and on an update that I did not ask for, the "Save As" feature, a convention that was 30 years old and worked well, was removed in favor of "Duplicate, Rename, Save."  What 22 year-old Apple product manager was allowed to make this change? 
    I foolishly compounded my Mac purchase error by buying an iPhone 4S.  On that lovely ($200 Verizon-subsidized) product, I can no longer discover my home network, rendering my ($100) Airplay for outdoor music useless.  (But I probably can post a picture directly to Facebook or something!  More toyish behavior in which Apple specializes.)  Can I get support on these POS with a phone call?  No, I need to rely on a Aapl cultist to devise some esoteric key combo or a "jailbreak" on a Support board or blog site.
    I'm eligible for a phone upgrade on 8/13 and I'm counting the days.  Will upgrade to a good large-screen laptop asap as well and then throw the Mac out my office window.  Junk, just junk.  Apple's stock is at $433 from $700 and it's still overpriced.  How long will this rant last before it's sanitized by the Cupertino Big Brother? Maybe what the children who design product ought to do instead is BUILD BETTER STUFF.

  • 802.1x + Machine Account Authentication = Vulnerability?

    Hello forum,
    I'm trying to determine the security implications of utilizing 802.1x authentication/authorization with the "Domain Computers" option selected within ACS. The problem I am having with this scenario is this:
    1) Client machines are authenticated to the LAN or WLAN based on AD machine account name/password if "Domain Computers" is selected.
    2) Windows XP machines will authenticate 802.1x using the machine account name/password by default upon initial boot and upon log-off.
    3) Once a machine boots up or someone logs off, the 802.1x port status is placed into "Authorized" using machine account name/password credentials.
    4) If you log onto a machine after the port goes "Authorized" (from #3) with a local user or local administrator account you gain "free access" to the network for < 60 seconds (I've done this many times now and you do in fact gain "free access.")
    So then the following scenario comes into play, what if:
    1) Someone steals a laptop.
    2) Compromises a local user or local administrator account on said laptop.
    3) Places the laptop onto either the wired or wireless network.
    4) Reboots the box.
    5) Logs in with local user or local administrator and launches a script (they will have free-access for < 60 seconds before a re-authentication is forced).
    Anyone familiar with this, or any white papers/KB's is/are greatly appreciated!
    Thanks,
    Jeremy

    A small clarification here about your statement:
         "The PC will try machine authentication once it boots up. Once is entered, the PC initiate 802.1x authentication by sending EAPOL start. The AP or switch should change the state of the PC from authenticated to authenticating. Thus, the PC should not get network connectivity unless it passes user authentication again. If you use a local account to logon to the PC, the PC should not pass 802.1x authentication. At least, that's how Cisco equipment works."
         This is not up to Cisco equipment, the AP has no idea the PC is switching between machine and user mode unless the supplicant on the PC restarts the authentication (via EAPOL-Start as you stated), this is wholly up to the supplicant installed on the PC.  So with this < 60 second window that is being seen here it is most likely due to slow load of the user space/desktop.
    An option to prevent this would be to use a supplicant that can start before login (such as the Cisco Secure Services Client) that way the user is authenticated before they have access to the desktop.
    --Jesse

  • Clients cannot connect using afp running lion 10.7.1, worked ok before upgrade from 10.7 to 10.7.1

    I am running a macminiserver on a home network.  Originally running snow leopard and then upgraded to 10.7 lion on all machines and everything was working fine.  Clients could connect to shared drives on the server using afp.  However, after upgrading to 10.7.1 on the server and client machines, they can no longer connect to the drives using afp, however you can connect using smb.
    I have tried stopping and starting the afp server, rebuilding permissions on the server - still cannot connect using afp.
    Any ideas?

    Be sure the correct Lion afp port is open on your router, even if you are using an Airport (port 548 tcp). Just do a search on "Mac OS X Lion ports".
    Also, if this is outside of the network, use the full server name in the Finder's Connect to Server, afp://server.com; when it prompts for a username, enter your first name and last name (not your short name) and then you also need to enter your password. If you don't have a fqdn, then you can use the static ip for "server.com"
    It should work, working for me inside and outside of the network. Admittedly, I don't think you need the port on the router for internal use, but you can test both ways.
    When working outside of the network a vpn is not required.
