VPN - Setting up a IBM Laptop running Windows XP to connect to a Windows 2000 Server

Does this laptop have XP service pack two loaded.  If so, the firewall is on by default and you will have to configure it to allow access.

Yes, it does have XP service pack two loaded.  I will check and see if this is the problem when my boss comes in...

Thanks,
Brandon

That wasn't the problem, but I am currently trying some other stuff...  I redoing his account in the Active Directory to see if that is the problem.

Oh, and the laptop does not have Service Pack 2... it still has SP1.

besides his user account, make sure the XP laptop is joined to the domain and has an account under "computers" in Active Directory "Users and Computers"

The laptop has an account under computers.  I am dialed into the VPN right now, and it appears to be connected, but I cannot see any of the shared resources.  The router is saying the VPN is connected, and I can even see our domain JES-Engineer under Entire Network.  But when I try to open it, I get "JES-Engineer is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.       The list of servers for this workgroup is not currently available."

I cannot figure out why this error is coming up because I have another laptop (using Windows 2000) that can connect just fine, and I have set up both users the exact same in the active directory.

When the user logs on to the laptop, is it with domain credentials?  In other words, in the third box under user name and password, are you logging into the domain or to the local machine....if it is the local machine, then you are not going to have permissions passed to the domain...and you will be blocked from domain resources.

I am logging in to our domain, JES-Engineer

Ok, next thing to look at is if this is a DNS issue.....if the machine can't contact a DC, it will not be able to get permissions to your shares.  Is your laptop pointing to your internal DNS server as it's primary DNS?  How is your DNS set up? The ideal is to have all your machines pointing to your local DNS server and have it set up to be a redirector to your ISP's DNS for internet resolution.

Are you running WINS?  Are you using lmhosts file to point to your DC(s)?

Simple way to test this:

from the laptop, ping the DC/server by IP address.....if you get four good replies, you know that the VPN is working and that you in fact are connected to your local network
then:
Ping the DC/server by name...ie:  "ping myserver"   If name resolution is working, you should immediately get a line that says: "Pinging myserver [192.168.x.x] with 32 bytes of data"   That tells you that name resolution is working and the laptop can find the DC.....at that point we start looking at permission issues.

If the server name does not resolve to an ip address and you get a "unknown host myserver" message, then we have a name resoultion problem....which means the laptop is unable to find the DC to get permissions to resources.

After I changed a couple of settings, I am now able to ping the server ip... finally.

I did the following from DOS:

ping 192.168.1.1   and I get 4 good tries eventually

when I tried to do:

ping SERVER01    I get an unknown host message

So I guess this is a name resolution problem... Any suggestions from here?

Thanks,
Brandon

Just for reference, in case anyone else has this problem...

In order for me to even ping my server (Windows 2000 Server), I had to open up my TCP/IP properties for the VPN connection
Under networking, then advanced, uncheck the default gateway... then under WINS, I had to disable NetBIOS.  I do have the LMHost box checked.

Stratch that part about disabling NetBios, I left it enabled.

"on on line":  should read "on one line"

Hold it , Hold it......I just screwed up....I copied from one of my lmhosts files...and the part of the line that reads:

"#PRE #DOM:main"        main is one of my domains....you need to substitue the name of your domain in place of "main"

and don't forget, you don't use the quotation marks I have put around things...... :-)

and it is a good thing, in your situation, to have NetBios enabled.

Heh, should I copy a lmhost file from the laptop that has the VPN working?

If you have one and it contains the name and IP of your DC......sure....  :-)

It is still not working... I can ping the server 192.168.1.1 and I can ping it by the name SERVER01... but I cannot see anything on the network.

As far as the DNS Settings, I am not sure how they are set up.  How should they be configured?

And now the internet explorer will not work when I hook the LAN back up....

Tell me if you think this is the problem...

When I am connected to Dial-Up and 'supposedly' connect to the vpn.  I ran ipconfig and everything looked fine except the VPN Connection didn't have a default gateway.  It had an IP and a Subnet.  

Brandon,
I'm about to leave for the weekend....will have to persue this next week....how are you setting up the VPN?  Do you have a DNS server running on you LAN?  Also what permissions do you have set on your shares?

Yes, we have a DNS Server running on the LAN, and I have all the permissions set fine for the shares because I can access them all from my other laptop.

Do you know why I might now be getting a Default Gateway on the XP Laptop?

no, what is the ip address of it....and how are you accessing the internet? do you have a firewall.....what are you using to set up vpn?  need to understand setup of your network better to do anything more with this

I am accessing the internet using Cox Dial-Up services.  Yes, we have a Norton Personal Firewall set up on every computer on the network.  I am using SoftRemote LT to set up the VPN.

I checked the 'use default gateway' box on the tcp/ip of the VPN, and I now have a default gateway, but it won't let me access the internet, and I still can't see the network.  I can ping the server though...

Here is what I am seeing from ipconfig... Cox is the dial-up  and our server is 192.168.1.200

Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
PPP adapter Cox:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 66.76.6.194
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 66.76.6.194
PPP adapter JES VPN:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.4

The default gateway on the machine is set to point to itself....that's why you can't get out to the internet.....use the ip address of your interior lan gateway and that should get you out to the internet.  Got to go, will check in with you on tuesday.

Thanks for your help!  

I checked the log for the router, and I can see the Laptop trying to connect, but then a red line shows up like the following:

IKE[71] ** Check your Encryption and Authentication method settings !

Thanks,
Brandon

Thanks for your help, I am gong to open up another question with the specific details of the problem.