Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

No Logon Server available through VPN or RAS

Posted on 2003-03-31
9
Medium Priority
?
412 Views
Last Modified: 2008-02-01
Basically we have two methods for remote users to access network resources 1)Through dial-up into a CISCO 3620, or 2)Through VPN client into a CISCO 3000 series concentrator.  In either case the authentication is handled via CISCO Secure ACS v3.1.  Authentication of the AAA clients is tied to an external user database with Windows NT/2000 selected.  Settings for the clients are RADIUS CISCO IOS/PIX and RADIUS CISCO VPN 300 for the RAS and VPN clients, respectivly.  The network is a Windows 2000 network still in mixed mode.  We have about 100 remote users running Windows 2000 Pro on their laptops, and for most of them they can connect, browse the network, access network resources, get their email from the exchange server...etc..  However, a handful of users get "No Logon Server Available" when they try to connect to a network share.  What is strange is that through the sessions log in Secure ACS it would appear that these users are being authenticated in the domain, and in fact they can access their email from the exchange server, they just can't connect to any shared resources.

Any help would be greatly appreciated.
0
Comment
Question by:OSBLOAT
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 8242286
Assuming these clients are using Microsoft PPTP VPN client, do these "problem" users have the block in the dialer properties, Networking, TCP/IP, Advanced, "use default gateway on remote network" checked?
See if there is a difference between those that work and those that don't. If most work, but not others, I would say with 90% certainty that it is something configured on the laptop, not the infrastructure.
0
 
LVL 16

Accepted Solution

by:
JammyPak earned 1500 total points
ID: 8245703
I would also verify that the WINS and DNS server entries are set properly in the VPN connection properties
0
 

Expert Comment

by:teddy_nyc
ID: 8248882
If you're not using DHCP, you have to manually enter the IP address of the Wins server on each client (In TCP/IP Settings) otherwise, if the two networks can ping each other, it'll work.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:OSBLOAT
ID: 8249235
Thanks for all your comments.

The connections are made through MS PPP for the RAS dial-up where the default setting to "use default gateway on remote network" has been left checked.  The other way is through a high-speed connection with CISCO's VPN client.

I have found that changing the setting for DNS from automatic in the IP general properties to point at my servers solves the problem with RAS.  This means that the concentrator was handing out the wrong DNS for the client group.  As for the VPN client the jury is still out.

We got 100 remote users alone, we want to use DHCP and dynamic DNS.
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 8282415
For the VPN users what you need to do is enter the radius attributes in the acs group, so if you go to the group and near the bottom of the settings you will see
cisco ios/pix radius attributes
tick 009/001 and in the box enter
ip:dns-servers=x.x.x.x
ip:wins-servers=x.x.x.x
where the x's are your ip addresses for the appropriate devices
0
 

Author Comment

by:OSBLOAT
ID: 8284141
Thanks for the info, that is exactly what I was looking for.
0
 

Expert Comment

by:modulo
ID: 8307903
Hi OSBLOAT,

Looks like there's some confusion about the selected answer.
snoopy13 posted a question in CS:
http://www.experts-exchange.com/Community_Support/Q_20579688.html

Did you intend to have this Q answered by JammyPak ?

modulo

Community Support Moderator
Experts Exchange
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8308090
What happened was that my answer was accepted before snoopy13 posted their comment.

I'll accept whatever decision is made - as you can see, my answer was pretty brief...
0
 

Expert Comment

by:modulo
ID: 8322760
I guess the answer selection has been OK, no further action as far as I'm concerned.

Thanks for explaining JammyPak !

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This program is used to assist in finding and resolving common problems with wireless connections.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question