Windows 7 domain workstation gets "The system detected a possible attempt to compromise security" when using split tunnel VPN
I have several users that have Windows 7 Pro laptops that are members of our Server 2003 AD domain. When working remotely, the users log in to their Windows 7 machine using cached credentials, then establish a split tunnel VPN connection to the main office. When the users try to access file servers or even browse the SYSVOL share on a domain controller, they receive the message "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you." They can't sync offline files or access any network resources hosted by our servers.

If the users connect to the VPN with a full tunnel that forces all traffic to go over the VPN tunnel, they do not receive the message and they are able to access all network resources (all resources are hosted by Windows Server 2003 servers). In the past using XP there were no issues with this - the users could pick any VPN config and access anything they wished. I have disabled the Windows Firewall as a test and there has been no change in behavior.

I am not pining for XP, but I need to understand better what is different in Windows 7 about this so I can make changes. I need the Windows 7 machines to be able to access the Server 2003 network resources no matter whether they are split or full tunnel. What can I do about this? I haven't seen any Windows 7 specific information about what this error actually means. I would like to know more about it and resolve the issue. Thanks.
May 12th, 2010 11:55pm

d8taslay3r, I believe you receive this error when your machine can't connect to the KDC. See this article for more info: http://support.microsoft.com/kb/938457/en-us

Or you can turn off split tunneling on your clients quite simply. The only thing you need to do is turn off the option "Use default gateway on remote network" on your VPN connection. (The following article describes how you can do this.) http://www.isinc.com/2008/04/11/configuring-a-split-tunnel-pptp-vpn-in-windows-vista/

If you need to do this for a lot of clients, you can download CMAK (http://technet.microsoft.com/en-us/library/cc739464(WS.10).aspx) to deploy this to a large collection of machines.

Keep in mind that disabling the split tunneling option generates a heavier load on the VPN servers, but from a security perspective this is a safer method.

Kind Regards
DFT
IM me - TWiTTer: @DFTER
May 21st, 2010 2:19pm
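
One way to check the KDC-reachability explanation given in the reply above, as an added example that is not part of the original thread: run this on the Windows 7 client once with the split tunnel connected and once with the full tunnel, and compare the output. The domain name `corp.example.com` and the helper names `Test-TcpPort` and `Get-SourceAddress` are placeholders introduced here, and the script assumes the AD domain name resolves to the domain controllers' addresses, as it does with default AD DNS registration.

```powershell
# Added example. $Domain is a placeholder (assumption): use your AD DNS domain name.
$Domain  = 'corp.example.com'
$KdcPort = 88   # Kerberos KDC port on the domain controllers

function Test-TcpPort {
    # True only if a TCP connection to Address:Port completes within the timeout.
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Get-SourceAddress {
    # Connecting a UDP socket sends no packets; it only asks the routing table
    # which local address (and so which adapter) would be used for this target.
    param([string]$Address, [int]$Port)
    $udp = New-Object System.Net.Sockets.UdpClient
    try { $udp.Connect($Address, $Port); return $udp.Client.LocalEndPoint.Address.ToString() }
    catch { return 'no route' }
    finally { $udp.Close() }
}

try {
    # Assumption: the domain name's A records are the domain controllers.
    $dcs = @([System.Net.Dns]::GetHostAddresses($Domain) |
             Where-Object { $_.AddressFamily -eq 'InterNetwork' })
} catch {
    Write-Host "Cannot resolve $Domain with the VPN up; check which DNS servers the client is using."
    $dcs = @()
}

foreach ($dc in $dcs) {
    $ip = $dc.IPAddressToString
    New-Object PSObject -Property @{
        DomainController = $ip
        Kdc88Reachable   = (Test-TcpPort -Address $ip -Port $KdcPort)
        LocalSourceIP    = (Get-SourceAddress -Address $ip -Port $KdcPort)
    }
}

klist   # built into Windows 7: lists the Kerberos tickets currently cached
```

If `LocalSourceIP` is the laptop's local network address rather than the VPN adapter's address, traffic for that domain controller is leaving outside the tunnel, which matches a `Kdc88Reachable` value of `False`.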

This topic is archived. No further replies will be accepted.
