?
Solved

No Logon Server available through VPN or RAS

Posted on 2003-03-31
9
Medium Priority
?
410 Views
Last Modified: 2008-02-01
Basically we have two methods for remote users to access network resources 1)Through dial-up into a CISCO 3620, or 2)Through VPN client into a CISCO 3000 series concentrator.  In either case the authentication is handled via CISCO Secure ACS v3.1.  Authentication of the AAA clients is tied to an external user database with Windows NT/2000 selected.  Settings for the clients are RADIUS CISCO IOS/PIX and RADIUS CISCO VPN 300 for the RAS and VPN clients, respectivly.  The network is a Windows 2000 network still in mixed mode.  We have about 100 remote users running Windows 2000 Pro on their laptops, and for most of them they can connect, browse the network, access network resources, get their email from the exchange server...etc..  However, a handful of users get "No Logon Server Available" when they try to connect to a network share.  What is strange is that through the sessions log in Secure ACS it would appear that these users are being authenticated in the domain, and in fact they can access their email from the exchange server, they just can't connect to any shared resources.

Any help would be greatly appreciated.
0
Comment
Question by:OSBLOAT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 8242286
Assuming these clients are using Microsoft PPTP VPN client, do these "problem" users have the block in the dialer properties, Networking, TCP/IP, Advanced, "use default gateway on remote network" checked?
See if there is a difference between those that work and those that don't. If most work, but not others, I would say with 90% certainty that it is something configured on the laptop, not the infrastructure.
0
 
LVL 16

Accepted Solution

by:
JammyPak earned 1500 total points
ID: 8245703
I would also verify that the WINS and DNS server entries are set properly in the VPN connection properties
0
 

Expert Comment

by:teddy_nyc
ID: 8248882
If you're not using DHCP, you have to manually enter the IP address of the Wins server on each client (In TCP/IP Settings) otherwise, if the two networks can ping each other, it'll work.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:OSBLOAT
ID: 8249235
Thanks for all your comments.

The connections are made through MS PPP for the RAS dial-up where the default setting to "use default gateway on remote network" has been left checked.  The other way is through a high-speed connection with CISCO's VPN client.

I have found that changing the setting for DNS from automatic in the IP general properties to point at my servers solves the problem with RAS.  This means that the concentrator was handing out the wrong DNS for the client group.  As for the VPN client the jury is still out.

We got 100 remote users alone, we want to use DHCP and dynamic DNS.
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 8282415
For the VPN users what you need to do is enter the radius attributes in the acs group, so if you go to the group and near the bottom of the settings you will see
cisco ios/pix radius attributes
tick 009/001 and in the box enter
ip:dns-servers=x.x.x.x
ip:wins-servers=x.x.x.x
where the x's are your ip addresses for the appropriate devices
0
 

Author Comment

by:OSBLOAT
ID: 8284141
Thanks for the info, that is exactly what I was looking for.
0
 

Expert Comment

by:modulo
ID: 8307903
Hi OSBLOAT,

Looks like there's some confusion about the selected answer.
snoopy13 posted a question in CS:
http://www.experts-exchange.com/Community_Support/Q_20579688.html

Did you intend to have this Q answered by JammyPak ?

modulo

Community Support Moderator
Experts Exchange
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8308090
What happened was that my answer was accepted before snoopy13 posted their comment.

I'll accept whatever decision is made - as you can see, my answer was pretty brief...
0
 

Expert Comment

by:modulo
ID: 8322760
I guess the answer selection has been OK, no further action as far as I'm concerned.

Thanks for explaining JammyPak !

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question