No Logon Server available through VPN or RAS

Basically we have two methods for remote users to access network resources: 1) through dial-up into a CISCO 3620, or 2) through VPN client into a CISCO 3000 series concentrator.  In either case the authentication is handled via CISCO Secure ACS v3.1.  Authentication of the AAA clients is tied to an external user database with Windows NT/2000 selected.  Settings for the clients are RADIUS CISCO IOS/PIX and RADIUS CISCO VPN 300 for the RAS and VPN clients, respectively.  The network is a Windows 2000 network still in mixed mode.  We have about 100 remote users running Windows 2000 Pro on their laptops, and most of them can connect, browse the network, access network resources, get their email from the Exchange server, etc.  However, a handful of users get "No Logon Server Available" when they try to connect to a network share.  What is strange is that through the sessions log in Secure ACS it would appear that these users are being authenticated in the domain, and in fact they can access their email from the Exchange server; they just can't connect to any shared resources.

Any help would be greatly appreciated.
OSBLOAT Asked:

lrmoore Commented:
Assuming these clients are using Microsoft PPTP VPN client, do these "problem" users have the block in the dialer properties, Networking, TCP/IP, Advanced, "use default gateway on remote network" checked?
See if there is a difference between those that work and those that don't. If most work, but not others, I would say with 90% certainty that it is something configured on the laptop, not the infrastructure.
0
JammyPak Commented:
I would also verify that the WINS and DNS server entries are set properly in the VPN connection properties.
0

teddy_nyc Commented:
If you're not using DHCP, you have to manually enter the IP address of the WINS server on each client (in TCP/IP settings); otherwise, if the two networks can ping each other, it'll work.
0

OSBLOAT (Author) Commented:
Thanks for all your comments.

The connections are made through MS PPP for the RAS dial-up where the default setting to "use default gateway on remote network" has been left checked.  The other way is through a high-speed connection with CISCO's VPN client.

I have found that changing the setting for DNS from automatic in the IP general properties to point at my servers solves the problem with RAS.  This means that the concentrator was handing out the wrong DNS for the client group.  As for the VPN client the jury is still out.

We have 100 remote users alone; we want to use DHCP and dynamic DNS.
0
snoopy13 Commented:
For the VPN users, what you need to do is enter the RADIUS attributes in the ACS group. If you go to the group, near the bottom of the settings you will see
Cisco IOS/PIX RADIUS Attributes
Tick 009/001 and in the box enter
ip:dns-servers=x.x.x.x
ip:wins-servers=x.x.x.x
where the x's are your IP addresses for the appropriate devices.
0
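A small linter for the two lines described in the answer above, as an added example that is not part of the original thread or of Cisco's tooling: it checks the text typed into the 009/001 box before it is saved. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Attribute names taken from the answer above; each takes one or more
# space-separated IPv4 addresses.
EXPECTED = ("dns-servers", "wins-servers")

# cisco-av-pair syntax: protocol:attribute<sep>value, where "=" marks a
# mandatory attribute and "*" an optional one.
AVPAIR_RE = re.compile(r"^(?P<proto>[a-z0-9-]+):(?P<attr>[a-z0-9-]+)[=*](?P<value>.*)$")

# Constructed sample inputs (not from the thread).
SAMPLE_GOOD = "ip:dns-servers=10.10.1.5 10.10.1.6\nip:wins-servers=10.10.1.5\n"
SAMPLE_BAD = "ip:dns-servers=x.x.x.x\nip:wins-server=10.10.1.5\n"


def lint_avpairs(text):
    """Return a list of problems found in the text entered in the 009/001 box."""
    problems, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = AVPAIR_RE.match(line)
        if m is None:
            problems.append(f"line {lineno}: not protocol:attribute=value: {line!r}")
            continue
        if m["proto"] != "ip" or m["attr"] not in EXPECTED:
            problems.append(f"line {lineno}: unexpected attribute {m['proto']}:{m['attr']}")
            continue
        seen.add(m["attr"])
        addrs = m["value"].split()
        if not addrs:
            problems.append(f"line {lineno}: {m['attr']} has no address")
        for addr in addrs:
            try:
                ip = ipaddress.IPv4Address(addr)
            except ValueError:
                # Catches the literal x.x.x.x placeholder left unsubstituted.
                problems.append(f"line {lineno}: {addr!r} is not an IPv4 address")
                continue
            if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
                problems.append(f"line {lineno}: {addr} cannot be a name server")
    # A group missing either attribute leaves clients without DNS or WINS.
    problems += [f"missing ip:{a}" for a in EXPECTED if a not in seen]
    return problems


if __name__ == "__main__":
    for problem in lint_avpairs(SAMPLE_BAD):
        print(problem)
```
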
OSBLOAT (Author) Commented:
Thanks for the info, that is exactly what I was looking for.
0
modulo Commented:
Hi OSBLOAT,

Looks like there's some confusion about the selected answer.
snoopy13 posted a question in CS:
http://www.experts-exchange.com/Community_Support/Q_20579688.html

Did you intend to have this Q answered by JammyPak?

modulo

Community Support Moderator
Experts Exchange
0
JammyPak Commented:
What happened was that my answer was accepted before snoopy13 posted their comment.

I'll accept whatever decision is made - as you can see, my answer was pretty brief...
0
modulo Commented:
I guess the answer selection has been OK, no further action as far as I'm concerned.

Thanks for explaining, JammyPak!

modulo

Community Support Moderator
Experts Exchange
0

Question has a verified solution.
