Access Keys:
Skip to content (Access Key - 0)

Remote Domain Computers and Password Changes

On this page:

Who this is for

If you are on a domain-controlled Windows PC and change your Kerberos password, you may experience logon issues with your computer if it has not properly synced with the domain controller after your password change. In order to tell if you have an MIT domain-managed Windows computer, if you see "Sign in to: ATHENA.MIT.EDU" at the Windows logon screen, follow the instructions below to insure continued access to your computer.

“Screenshot of Windows logon scree with ‘Sign in to:ATHENA.MIT.EDU’ circled.”

Change your password while on the VPN

To synchronize your new Kerberos password with your domain password, perform the following steps while connected to MIT VPN Services.

  1. Connect to an MIT VPN connection by using either the Prisma Access VPN or Cisco AnyConnect client
  2. Change your password
    “Screenshot of Change Your Kerberos Password screen.”
  3. Lock your computer by either clicking "Windows+L" or "Ctrl-Alt-Delete" and selecting "Lock"
    “Screenshot of Windows Lock screen with ‘Lock’ circled.”
  4. Wait 10 minutes for your computer to establish a connection to the domain and sync the new password.
  5. Log into your computer using your newly created password.

If, after 10 minutes, you are still unable to log in to your computer, follow the instructions below.

Alternate Method

If you have the Cisco Start Before Login module installed, this is also another way to establish a vpn connection without being logged into your computer, which allow your password to sync if you are locked out.

MECM - Cisco AnyConnect VPN - Start Before Logon Module

Can't log in with the new password

  1. Disable all network connections. Completely disconnect your computer from any Ethernet or Wifi networks.
  2. Log into Windows with your old Kerberos password (the credentials have been cached). Prepend your username with WIN\, e.g. WIN \ KerbID 
    “Screenshot of Windows logon screen with old Kerberos information.”
    If you are unable to logon while prepending your username with WIN\ , try again without the prepend.
  3. Reconnect to your network.
  4. Open a VPN connection to the MIT network
  5. Lock your computer by either clicking "Windows+L" or "Ctrl-Alt-Delete" and selecting "Lock"
      “Screenshot of Windows Lock screen with ‘Lock’ circled.”
  6. Wait 10 minutes for your computer to establish a connection to the domain and sync the new password
    If you are unable to login using this method and the computer is managed by IS&T's on-site team, please email ditr-support@mit.edu. If the device is not managed by IS&T please reach out to your DLCs IT Team

Related links

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

August 04, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
windows windows Delete
password password Delete
vpn vpn Delete
synchronize synchronize Delete
kerberos kerberos Delete
win win Delete
domain domain Delete
synchronization synchronization Delete
certificate certificate Delete
sbl sbl Delete
cisco cisco Delete
anyconnect anyconnect Delete
forgot forgot Delete
new new Delete
old old Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki