Frequently Asked Questions/Known Issues

This page contains answers to common questions and issues. For questions not addressed on this page, contact the ADOT Service Desk.

General

As a VPN user, am I required to have a Telecommuting Agreement on file?

Where can I obtain a Telecommuting Agreement?

How do I become a VPN user?

Why can't I use dial up Internet service with ADOT's VPN?

What operating systems support ADOT's VPN Program?

What software will I get as an authorized telecommuter?

CryptoCard

Do I need to use a CRYPTOCard to logon to the VPN system?

Will ITG supply my CRYPTOCard?

How much does a CRYPTOCard cost?

How do I use the CRYPTOCard?

Technical

Login Problems

I keep getting a "Login failed.  Please consult the switch log for more information" error message when trying to log on.

Security/Antivirus

Can I disable the Antivirus software I'm required to use?

Are there any "Big Brother" or "Spyware" programs associated with a VPN connection?

Will the VPN connection or Security/Personal Firewall  software affect my home network?

ADOT Network Resource Access

Why can't I see the ADOT network and/or get my email?

I keep getting user ID and password popup windows ~ what do these mean?

Does the Cox@Home service require any special configuration to work with the VPN?

General Internet Access/Browser Problems

I can't browse the Internet when I take my ADOT laptop home.  Why is that?

Why can't I browse the Internet from my personally owned computer at home, while connected to the VPN?

Installation Issues

InstallShield obstructs system dialog during installation.

Router/Firewall Issues

My home network uses a SOHO Router and I cannot connect to the VPN system!

I have a D-Link DI-604 or DI-614+ Router at home and cannot seem to connect to the ADOT VPN

What IP Ports and Protocols do ADOT's VPN System run on?

To be a VPN user, am I required to have a telecommuting agreement on file with ADOT?

Yes. The same requirements apply for both dial up and VPN users.

Where can I obtain a “Telecommuting Agreement”?

A Telecommuting Agreement is available from the Telecommuting online training course which is required prior to receiving your Cryptocard. Telecommuting online training can be found in the ADOT Learning Center under Online Training.

If you have already completed the training, you can also contact Human Resources to obtain necessary documentation to become an authorized telecommuter.

What operating systems support ADOT's VPN Program?

The ADOT VPN Client Program is approved for use on the following Microsoft Windows Operating Systems:

Windows 98 and 98 SE
Millennium Edition (Me)
2000 Professional with SP2 or higher
XP Home or Professional with SP1 or higher
Windows Vista, 32-bit and 64-bit versions
Windows 7, 32-bit and 64-bit versions

Support for Windows 95 will not be provided by ADOT. Check the list of supported Windows Operating Systems and contact the ADOT Service Desk if you have any questions.

How do I become an ADOT VPN user?

Contact the ADOT Service Desk at 602.712.7249 for details. ADOT Employees must obtain authorized telecommuter status before ITG can grant remote access.

Why can't I use dial up Internet service with ADOT's VPN?

VPN uses the inherent ability of the Internet's extensive and high speed network as the physical connection medium.  While it is possible to dial up to your local ISP and connect to ADOT via the VPN system, the response time will be markedly slower than a direct dial up connection to ADOT.  The limitation of your phone line's data transfer capabilities creates a "bottleneck", which ultimately equates to a frustratingly slow session. If your house is only equipped with a phone line (no xDSL, Cable, etc.), better results will be experienced by not using VPN.  Direct dial up access can be obtained by contacting the ADOT Service Desk at 602.712.7249.

What software will be provided to me?

For Authorized Remote Access Users, preconfigured Nortel VPN client connection software may be installed and used on any PC for ADOT business purposes.

For ADOT Employees only:  If necessary, please contact the ADOT Service Desk at 602.712.7249 to obtain the official telecommuting CD.  This includes Microsoft Office (Outlook, Word, Excel, Access and PowerPoint) and preconfigured mainframe connectivity software called QWS.  All requests for telecommuting software access require verification of identity and employment status.

Do I need a CRYPTOCard to logon to the VPN?

Yes. As a part of the enhanced security measures incorporated into remote access services (Dial up and VPN), the use of a CryptoCard is mandatory.

Will ITG supply the CryptoCard(s)?

ITG will issue your Card but your Org or Company will be responsible for all of the associated cost(s). 

How much does a CryptoCard cost?

The cost of each card is $55.  Chargeback/remittance instructions will be provided to you during processing.

How do I use the CRYPTOCard?

A complete CryptoCard instruction manual is available on the downloads page of this site.


I keep getting a "Login failed. Please consult the switch log for more information" error message when trying to log on to the VPN System.

Cause #1:  The most likely cause of this is either a mistyped user ID and/or incorrect password.  If several attempts have been made without success, your CryptoCard may no longer be synchronized with the CryptoCard Server. Please contact the ADOT Service Desk at 602.712.7249 to resynchronize your card.

Cause #2:  You may be logged on to the VPN server from another location/computer. The VPN system is designed to allow only one logon session per User ID.  If this is the case, wait five minutes and try again.  Your previous session will time out after approximately three minutes of inactivity, freeing up the session.  Alternatively, you may go to the computer that has the active session and disconnect.

Can I disable the Antivirus software I'm required to use?

Yes, you can shut down the program at any time; however, according to the signed Remote Access User Agreement, the software must be running on your computer when connected to the ADOT VPN.

For maximum protection, antivirus software and a hardware and/or software firewall should be in operation at all times. This protects not only ADOT's network but your own system and data as well.

Are there any "Big Brother" or "Spyware" programs involved with VPN?

Yes and no . . . once connected, your computer becomes a trusted member of the ADOT network. However, nothing can be viewed on your computer unless you intentionally (or unintentionally) make files and/or folders shared and visible to the network. In any case, it is always a good security practice to use unique user IDs and strong passwords for all local accounts residing on your home system(s).

If the computer is owned by ADOT, the right to perform administrative tasks and audits at any time is reserved by ITG's PC/LAN team.

I have a small network set up at home. Will there be conflicts?

ITG has thoroughly tested the VPN Client with many Security/Personal Firewall software suites, in many environments, before deployment. You may need to add your home network's IP addresses to the list of trusted networks to avoid blocking traffic to and from the computer used for VPN access.  General instructions on how to perform this task can be found in the VPN user manual.  This document is available on the downloads page.

Understandably, it is impossible to test every situation; therefore, if you are experiencing problems after installing the ADOT VPN software, please contact the ADOT Service Desk at 602.712.7249 for assistance.

Why can’t I browse the network to access system resources such as printers and shared folders?

Your home computer is not a member of any ADOT owned NT Domain.  Although you are connected to the IP network, you must supply domain credentials to prove that you are authorized to access protected network resources. Email, network drives, printers and all other resources will prompt for your NT logon information.  You must supply these credentials every time a resource is accessed.

For detailed instructions on configuring your specific operating system for NT logon, please refer to the instructions included with the VPN client software on the downloads page. If the connecting computer is owned by ADOT and running Windows NT, 2000 or XP, your initial logon information will be remembered and individual prompts will not be presented (this is possible through the use of "cached" credentials).  Email, network drives and other NT security sensitive connection types will be available by means of a "pass through" authentication.

When I try to get my email and/or access network file shares, an intrusive but familiar looking window pops up asking for my username, password and domain again!

If the computer you are using to connect from is not a member of an ADOT owned NT domain, you must supply your domain credentials for each and every network resource request that requires them.

I'm using Cox@Home high speed Internet access. As a Cox subscriber, is there anything I need to do to make the VPN connection work?

Cox has updated the way your home network's computer obtains an IP address and it is no longer necessary to adhere to the Cox computer naming convention. As a result, it is our understanding that no special configuration is required.

If you experience problems with your computer's Internet connectivity, please contact your local broadband provider/ISP.


I can't browse the Internet when I take my ADOT laptop home.  Why is that?

ADOT uses a proxy server so that all authorized employees can access the Internet from within the office.  While connected to the VPN switch, browsing the Internet is still  possible through the same proxy server. Conversely, when disconnected from the VPN your browser can no longer "find" the proxy server's IP address and as a result, your browser stops functioning properly.

If you wish to browse the Internet while disconnected from ADOT's VPN system, you'll need to disable the proxy server settings. Please keep in mind that although you are disconnected from ADOT's network, using ADOT owned equipment for personal use is prohibited.

  1. Launch Internet Explorer and select Tools, then Internet Options
  2. Click the Connections tab, then LAN Settings
  3. Under the Proxy Settings heading, uncheck the Use a Proxy Server for your LAN box
  4. Click OK twice to save the changes.

Upon returning to the office or during a VPN session, repeat steps 1-4; this time checking the Use a Proxy Server for your LAN box in Step #3.

A screenshot is available for your information. For detailed instructions on how to configure your browser to use the ADOT proxy server, see instructions below.

Why can't I browse the Internet from my personally owned computer at home, while connected to the VPN!?

For enhanced security, ITG has disabled an option on the VPN hardware called "split-tunneling".  As a result, connections to the Internet, other than to specific ADOT networks, are not possible while a VPN session is active.  If desired, you may still use your browser for ADOT business purposes while connected remotely.  To do so, you must configure the browser for proxy server access.

ADOT logs all web site activity through its proxy server by User ID.  If you have configured your computer to access the Internet this way, please remember to disconnect from the VPN switch and disable proxy access before returning to normal (personal) Internet browsing. To configure your browser for proxy server access perform the following steps:

  1. Launch Internet Explorer and select Tools, then Internet Options
  2. Click the Connections tab, then LAN Settings
  3. Under the Proxy Settings heading, check the Use a Proxy Server for your LAN box
  4. In the Address box, type GATE, enter 8080 for the Port number
  5. Check the Bypass Proxy Server for local addresses box
  6. Click the Advanced button
  7. Ensure the Use the same proxy server for all protocols check box is checked
  8. In the space provided under Do not use proxy server for addresses beginning with: box, enter:  *.azdot.gov
  9. Click OK three times to save the changes and back out of the Internet Options dialog box.

After your VPN session has been disconnected or you wish to use the browser for personal use, repeat steps 1-3; this time unchecking the Use a Proxy Server for your LAN box in Step #3, then click OK twice to save the change.

A screenshot is available for your information.

InstallShield obstructs system dialog during installation.

During installation of the client adapter on Windows 98 systems, the adapter installation may require that you insert the Windows installation CD to copy required Windows system files.  System dialog boxes that appear during the installation may be placed in the background behind all running Windows applications.

If you do not minimize all Windows applications, the installation will appear to hang and will give no indication that the adapter installation is waiting for user input. To avoid this situation, you should minimize all running Windows applications during the Extranet Access installation. The client installation automatically minimizes the installation windows before initiating the adapter installation.

My home network uses a SOHO Router and I cannot connect to the VPN system!

Most Small Office/Home Office (SOHO) routers support a configuration option to allow IPSec pass-through or a similarly named feature.  Please refer to the user manual that came with your router or the manufacturer's website for more specific information.

I have a D-Link DI-604 or DI-614+ Router at home and cannot seem to connect to the ADOT VPN.

D-Link step-by-step instructions.

What IP Ports and Protocols do ADOT's VPN system run on?

ADOT uses IPSec (IP Security Protocol) exclusively. If you are trying to connect to ADOT's VPN System and there is a firewall between your computer(s) and the Internet, the following bidirectional "allow" rules must be added to your firewall to allow the secure traffic to pass. Authentication Header (AH) is not a required protocol.

Host: 192.133.42.18
IKE (Internet Key Exchange): UDP Port 500
ESP (Encapsulating Security Payload): IP Protocol 50

NAT Traversal – Network Address Translation (NAT) is commonly used on small office/home networks when a router/gateway is deployed. If your network uses NAT, create a firewall rule to allow this feature, in addition to the rules specified above.

NAT Traversal: UDP Port 10001
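
The rules listed above, written out for one concrete case. This is an added example, not ADOT's own configuration: it assumes a Linux gateway that filters forwarded traffic with iptables, and the interface names eth1 (home LAN) and eth0 (Internet) are placeholders. The host, ports and protocol number are the ones given on this page.

```shell
#!/bin/sh
# Added example, not ADOT's configuration. Assumes a Linux gateway that
# filters forwarded traffic with iptables and drops it by default.
VPN_HOST="192.133.42.18"   # host taken from this page

# emit_pair LAN_IF WAN_IF PROTO [PORT]
# Prints the outbound and the matching inbound rule for one protocol.
emit_pair() {
    lan=$1; wan=$2; proto=$3; port=${4:-}
    out="iptables -A FORWARD -i $lan -o $wan -d $VPN_HOST -p $proto"
    in_="iptables -A FORWARD -i $wan -o $lan -s $VPN_HOST -p $proto"
    if [ -n "$port" ]; then
        # Client source ports vary (more so behind NAT), so match only the
        # VPN host's side of the conversation.
        out="$out --dport $port"
        in_="$in_ --sport $port"
    fi
    echo "$out -j ACCEPT"
    echo "$in_ -j ACCEPT"
}

# vpn_rules LAN_IF WAN_IF USES_NAT   (USES_NAT is "yes" or "no")
# Prints iptables commands; review them, then run them as root.
vpn_rules() {
    if [ $# -ne 3 ]; then
        echo "usage: vpn_rules LAN_IF WAN_IF yes|no" >&2
        return 2
    fi
    case $3 in
        yes|no) ;;
        *) echo "USES_NAT must be yes or no" >&2; return 2 ;;
    esac
    emit_pair "$1" "$2" udp 500        # IKE
    emit_pair "$1" "$2" 50             # ESP is IP protocol 50, not a port
    if [ "$3" = yes ]; then
        emit_pair "$1" "$2" udp 10001  # NAT Traversal port from this page
    fi
    # AH (IP protocol 51) is left closed: the page says it is not required.
    return 0
}

# eth1 (home LAN) and eth0 (Internet) are placeholder interface names.
vpn_rules eth1 eth0 yes
```

Each rule is pinned to the single VPN host rather than opening the port or protocol to any address, which keeps the exception as narrow as the page's requirements allow.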


 

    Arizona Department of Transportation    