VPN Error 800 Two XP users cannot connect but all other users can, including XP

If everyone else can connect, then the issue is pretty much locked down to something different about these two systems and the way they connect. My experience with Sr executives is they just love to lock their systems down to make them secure by downloading the latest/greatest stuff, then raise holy heck when it doesn't work any more. It couldn't have been something they did, they are Sr Exec's, and if they didn't know what they were doing, the would be peons like you.
Been there done that.
What kind of VPN client are you using? What are they connecting to?
Any recent applications installed? Service packs? Anti-Virus?
how are they connecting? Dialup? DSL? Cable?

We are using the built in XP VPN client. One user is on a hdesktop connecting through a cable modem, and the other is on a laptop through a DSL line. Both are XP Por and at least one is SP1, the other is on the west coast and won't be in for a few hours, but I think it is SP1 as well. The one user insists he is not running a firewall, but he is the head of Security ( and loves to play with his computer) so I don't beleive him. He is bringing his machine back this morning for us to keep for 24 hours for testing. The other user is running Zone Alarm Pro, which we know blocks our VPN, but even with ZA turned off they still can't connect. We agree with you that it is a machine specific problem, but we are at a loss where to look next. Let me know if you can think of anything. I really apppreciate you taking the time to help us out. If we discover anything I will let you know.

John Valentine
jvalentine@indigo.ca

Re - install vanilla?

give 'em a loaner?

Failing that, buy a gun or change jobs :)

Several applications install a personal firewall. XP has one built in, PC-Cillin includes one, serveral VPN Clients have a firewall (Cisco VPN 3000, Raptor Eagle Mobile, etc), Norton Internet Security. Simply disabling ZA might not be enough, you have to first permit the connection, then disable.

Could be a routing problem, although it's unlikely unless both execs use the same ISP. I'd try a different client like one approved by your router manufacturer.. I've never got MS clients to work properly, they could also do some basic telneting in.

Does your router have specific rules about access from certain IP addresses / MAC addresses, is the virtual server configured in mmore than one place? On my router at home I have to enable a packet filter by port and address AND set up a virtual server rule to forward it to the packet filter.

HTH

To lmoore:

What exactly do you mean by "first permit the connection?" We have never been able to get a machine with Zone Alarm Pro to connect to VPN, although ZA is set to pass VPN.

To simonains:

I have passed your comments on to the network/telecom who maintain the routers to see if they need to make some config changes.

Thank you both for your helpful comments.
My next course of action is to take an XP laptop home and test on MY cable modem. If it works there then we will FDX it to the West coast and try it there. If it works then the problem would seem to be machine config. If it doesn't then we would suspect the cable connection setup.

John Valentine

I concur with Irmoore, you never know what's going on in the background with these things. You're idea of using your own connection is a good one, but you might also want to try one of the 'dodgy' laptops too and see if that one can connect, just to be sure. If it doesn't, you could then uninstall ZA at the same time and try it again. I always take the M$ route with thes things and just 'cut out the cancer' by un/reinstalling, sometimes even the whole OS. Usually, the user can't remember/won't admit the last thing they installed, and then at least you know that if it breaks again, it's something they did.

HTH

Simonains

Sorry I haven't gotten back to you, but we have had some other server problems that make the problems of these two users seem pretty insignificant. We finally have our hands on the one laptop, so we can do some testing of our own. I will let you know what we find.

John

John, any updates for us?

Your timing is perfect, because I am expecting a call from the West Coast any minute to try and straighten out the last user. The other user with the problem, who happens to be our Corporate Security Chief ( are we in trouble or what) swore up and down that he was not running a personal firewall. When I went to his house I found not only a LinkSys firewall/router, but it was set to block PPTP. He said that he didn't think PPTP was the same as VPN, but he also didn't think he was running a firewall. Remember, this is the guy who advises the CEO on network security.

I am sure the West Coast user is running a firewal as well, but she is going to have me speak to her significant other who "knows more about computer thingies", so I will let you know what comes of it.

John

john_v,
No comment has been added lately (44 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: Award points to lrmoore http:#8264906

Please leave any comments here within 7 days.

-- Please DO NOT accept this comment as an answer ! --

Thanks,

lrmoore
EE Cleanup Volunteer