• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

is it possable to Authenticate to win2k server over vpn

            have an application that needs me logged into AD to be able to use it. I can map fine also I can use outlook. I just cant
authenticate to AD and it is being a pain.
               Also is it possable to join the domain over vpn?
0
briankeegan
Asked:
briankeegan
  • 17
  • 11
  • 6
2 Solutions
 
jdeclueCommented:
You can join the domain over VPN... but you must set your connection to a dial up using vpn, so it will create the connection when you login and not afterwards....

I am confused as to the first part... when you say map fine and login into outlook, you mean you are doing these manually without having logged into the domain... you are supplying your login credentials each time, right?
 
0
 
briankeeganAuthor Commented:
what happens is i log into outlook and it askes for me for my id/pwd/domain  I map it will ask me to provide an id/pwd does not ask for domain.
0
 
jdeclueCommented:
Ok I thought so. So you need to log in to the domain over a VPN connection.. This is the same as a remote user which is dialing into a domain. I will give you the instructions for setting that up if you would like.
0
Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

 
briankeeganAuthor Commented:
yes please!! and thanks you.
0
 
jdeclueCommented:
To try and make this easier... what kind of VPN client are you using? Microsoft, Checkpoint, Cisco.. etc?

J
0
 
briankeeganAuthor Commented:
cisco client
0
 
jdeclueCommented:
Okay...getting you the docs... hang on.
0
 
briankeeganAuthor Commented:
thank bunches
0
 
jdeclueCommented:
From the Start menu choose All Programs (Windows XP) or Programs (Windows 2000) then click Cisco Systems VPN Client. From the list that appears, Right Click on VPN Dialer and select Copy. Go to the Desktop and Right Click. Select Paste.
Double Click on the VPN dialer shortcut to open the connection dialog box.
NOTE: The default Connection Entry is selected. Do not attempt to change or edit this entry.
Click the Options button and select Properties....
Click the Use IPSec over TCP (NAT/PAT/Firewall) radio button. Click OK.
Click the Options button and select Windows Logon Properties....
Check Enable start before logon. Click OK.

Click Connect. Enter your PSU username and password when prompted. Click OK. A small lock will now appear in the notification area of the task bar.
Right Click on small lock in Notification Area in the lower right of the Task Bar, choose Disconnect.
Restart your computer.
As the computer restarts, if you normally need to press CTRL-ALT-DEL, press these keys now. Then WAIT for the VPN client login to appear. Go to the next step.
If you don't press CTRL-ALT-DEL as you start the computer, you should still WAIT for the VPN client login to appear before you go to the next step.
When the VPN client login appears, click Connect. Enter your PSU username and password when prompted. Press the Enter key.
0
 
jdeclueCommented:
These are instructions for Penn State University, but are close enough to get you taken care of... let me know if you need more info.

J
0
 
briankeeganAuthor Commented:
this will work with my group access through the firewall AND  authtacate me to em server ? if so excellent I will try it when i get home in a few thanks man!!!
0
 
jdeclueCommented:
No problem.. I will be here for about 1 more hour... then gone until monday... let me know how it works out.

J
0
 
briankeeganAuthor Commented:
i was wondering what psu username and passord stood for. i was thinking primary system and could not go any further
0
 
jdeclueCommented:
lol;) Primary Station? that is a bit geeky.

0
 
briankeeganAuthor Commented:
this is the error i get

Initializing the connection...
Initiating TCP to 208.44.183.8, port 10000...
Failed to establish a TCP connection.

any ideas ? do i need to use port forwarding? exactley how is that done on a linksys?
0
 
Debsyl99Commented:
Hi
Depends how the firewall's setup at the other end - you may need to change the tunneling for tcp to udp. Open up options, properties on the vpn client - Under enable transparent tunneling check Allow ipsec over UDP, then try it again,

Deb :))

0
 
briankeeganAuthor Commented:
that was hte option i had before.  probem is i still dont authentacate to my win2k server.

i know there has to be a way because outloo askes for user name and id.

thanks though i am sure i will get this odne some how
0
 
briankeeganAuthor Commented:
god i realy need to re-read my post ore carefully hte=the.

i think i problem is is I do not have version 6.3 on my pix at work. even though i enable transparent tunneling on the client i dont believe the firewall supports it till 6.3 i only have 6.2.
0
 
Debsyl99Commented:
Hi

I'm using 6.2 and I can authenticate/ login to my domain remotely. How I did it:
If XP - disable internet connection firewall - you must have this disconnected any way.
Connect to the internet - then connect via the vpn dialler as usual - then join the pc to the domain, exactly as you would from a lan.
Then enable the windows logon - start vpn dialler before logon, as already described and you should be able to do it:

Deb :))
0
 
briankeeganAuthor Commented:
i tried it and it does not see my domain (mas-bloom3) should i make a lmhost file and point it to one of the pdc's(i know that is a winnt thing but i forgot what it is called in ad/winn2k
0
 
briankeeganAuthor Commented:
i am using dsl mdem/linksys router do i need portforwarding?
0
 
Debsyl99Commented:
Sorry - it's the weekend and had to go to a barbecue, which was fun but the karaoke got too much in the end....

Now I live on a regular basis with a couple of pix firewalls and the cisco vpn client which I am mostly ok with but beyond that I am no wan expert I'm afraid (working on it, but just not got there yet)- Are you the admin for the pix / domain? If not you really need to speak to them. If you are the system/domain admin I suggest you post as much info as you can into a question that you then use as a pointer to this one as there may be other ports/access permissions etc that you need to configure to allow the remote pc to join the domain.

Sorry I can't be any further help on this,

Deb :))
0
 
briankeeganAuthor Commented:
glad the barbaquee was fun. i went and saw calaterial(great). actually betwrn both of yall 2 i think i am able to join the domain. there is a few wrinkles i need to try out first but i am far enough to figure out the rest.

oh ya i am on the network side(pix/router) and dektop/server side(win2k/98)
0
 
briankeeganAuthor Commented:
forgot thankd both of you i will have to figure out exacly which one helpped i think it was a combo of both of yall . i will just split the points when i go to work tomorrow
0
 
jdeclueCommented:
Thats cool, I am glad Deb was able to pick up, as I was out. Deb is fantastic! You had some good people on this one.

J
0
 
Debsyl99Commented:
Aw shucks - You flatter me JD but thanks for the compliment :))
Brian let us know how you go - if we can be of further help, just post,

Deb :))
0
 
briankeeganAuthor Commented:
thanks people yall(youse) so rock!! i am guessing i should split points? i have to figure out which ones did the trick.
0
 
briankeeganAuthor Commented:
now if i can ony get it to work behind a a firewall at our remote location
0
 
jdeclueCommented:
Brian, glad I could help, take care and if you have issues again, you know where to come! J

Hey Deb, I think we are ending up as some kind of Tag Team in the Windows 2000 forum!
0
 
Debsyl99Commented:
Glad we helped Brian,

JD - Yeah - it does! Looks like Transatlantic teamwork CAN be a good thing ;))


Deb :))
0
 
briankeeganAuthor Commented:
where are yall from?
0
 
jdeclueCommented:
Washington D.C, Northern Virginia Area.... Come on now Deb... England and America ... The Ultimate Dream Team ;)

J
0
 
Debsyl99Commented:
lol!
UK - Yorkshire - Northern England and as everyone non-uk always asks - about 200 miles from London ;)
0
 
briankeeganAuthor Commented:
my grandparents are from ireland(relively cllose) when i went to dominican republic i met some people from yorkshire and they spent like an hour  trying to get me to say yorkshire pudding the correct way. i live in jersey not fay from washingto dc. also i was supposed to be stationed at quanaco when i was in the marines but my time was up.

it such a small world
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 17
  • 11
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now