Solved

VPN - Setting up an IBM Laptop running Windows XP to connect to a Windows 2000 Server

Posted on 2004-08-31
Last Modified: 2010-04-12
We have a Windows 2000 Server for our office network.  We have 10 computers connected, and we store most of our data on this server.  My boss needs to connect to this information while on the road using Cox Dial-Up or AOL Dial-Up.  The server is behind a LINKSYS BEFVP41 Router and a 3COM 3300 XM Switch.  We use a Cox Cable modem for our internet connection, and the XP Laptop can see the network fine as long as it is plugged into the LAN.  We use Softremote LT, and we have successfully set up a VPN for a Dell Windows 2000 Laptop.  But on the XP Laptop, the network is unavailable.  The laptop appears to be connecting to the VPN, but you just can't see anything.

I was hoping someone could give me some ways to get this thing working properly.  Also, please let me know if I left out any details because I am not the greatest with networking.
Question by:jamesesmith
32 Comments
 
LVL 18

Expert Comment

by:JConchie
ID: 11947626
Does this laptop have XP service pack two loaded?  If so, the firewall is on by default and you will have to configure it to allow access.
0
 

Author Comment

by:jamesesmith
ID: 11951675
Yes, it does have XP service pack two loaded.  I will check and see if this is the problem when my boss comes in...

Thanks,
Brandon
0
 

Author Comment

by:jamesesmith
ID: 11972892
That wasn't the problem, but I am currently trying some other stuff...  I am redoing his account in the Active Directory to see if that is the problem.
0
 

Author Comment

by:jamesesmith
ID: 11973002
Oh, and the laptop does not have Service Pack 2... it still has SP1.
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11973032
Besides his user account, make sure the XP laptop is joined to the domain and has an account under "computers" in Active Directory "Users and Computers".
0
 

Author Comment

by:jamesesmith
ID: 11973334
The laptop has an account under computers.  I am dialed into the VPN right now, and it appears to be connected, but I cannot see any of the shared resources.  The router is saying the VPN is connected, and I can even see our domain JES-Engineer under Entire Network.  But when I try to open it, I get "JES-Engineer is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.       The list of servers for this workgroup is not currently available."

I cannot figure out why this error is coming up because I have another laptop (using Windows 2000) that can connect just fine, and I have set up both users the exact same in the active directory.
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11973487
When the user logs on to the laptop, is it with domain credentials?  In other words, in the third box under user name and password, are you logging into the domain or to the local machine....if it is the local machine, then you are not going to have permissions passed to the domain...and you will be blocked from domain resources.
0
 

Author Comment

by:jamesesmith
ID: 11973500
I am logging in to our domain, JES-Engineer
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11973904
Ok, next thing to look at is if this is a DNS issue.....if the machine can't contact a DC, it will not be able to get permissions to your shares.  Is your laptop pointing to your internal DNS server as its primary DNS?  How is your DNS set up? The ideal is to have all your machines pointing to your local DNS server and have it set up to be a redirector to your ISP's DNS for internet resolution.

Are you running WINS?  Are you using lmhosts file to point to your DC(s)?

Simple way to test this:

From the laptop, ping the DC/server by IP address.....if you get four good replies, you know that the VPN is working and that you in fact are connected to your local network.
Then:
Ping the DC/server by name...i.e.:  "ping myserver"   If name resolution is working, you should immediately get a line that says: "Pinging myserver [192.168.x.x] with 32 bytes of data"   That tells you that name resolution is working and the laptop can find the DC.....at that point we start looking at permission issues.

If the server name does not resolve to an IP address and you get an "unknown host myserver" message, then we have a name resolution problem....which means the laptop is unable to find the DC to get permissions to resources.

0
 

Author Comment

by:jamesesmith
ID: 11974174
After I changed a couple of settings, I am now able to ping the server ip... finally.

I did the following from DOS:

ping 192.168.1.1   and I get 4 good tries eventually

when I tried to do:

ping SERVER01    I get an unknown host message

So I guess this is a name resolution problem... Any suggestions from here?

Thanks,
Brandon
0
 

Author Comment

by:jamesesmith
ID: 11974289
Just for reference, in case anyone else has this problem...

In order for me to even ping my server (Windows 2000 Server), I had to open up my TCP/IP properties for the VPN connection
Under networking, then advanced, uncheck the default gateway... then under WINS, I had to disable NetBIOS.  I do have the LMHost box checked.
0
 

Author Comment

by:jamesesmith
ID: 11974413
Scratch that part about disabling NetBIOS, I left it enabled.
0
 
LVL 18

Accepted Solution

by:
JConchie earned 500 total points
ID: 11974450
Brandon,
Getting into how your DNS is set up could be opening a very large can of worms...so simplest way to do this is with an lmhosts file....just checking the box in tcp/ip properties, on the WINS tab, doesn't do anything ...you have to write the file itself.

On the laptop, open a blank notepad document and type the following on on line.  Substitute your correct DC server IP address and name in the first and second segments of the line.  Put about half a dozen spaces between each segment of the line.

192.168.1.1            myservername         #PRE #DOM:main      #our DC


Do "save as" and call the file "mycompanynamelmhosts", save it as a .txt file to a location on the laptop where you can find it again.

Go back into tcp/ip properties for the VPN connection, click the "advanced" button, go to the WINS tab, leave the "enable lmhosts lookup" box checked, and click on the "Import lmhosts" button........browse to wherever you saved your newly created "mycompanynamelmhosts.txt" and double click on it.  That will take you back to the WINS tab.....click "OK" and "OK" and "OK"  and get back out to your desktop.
Go to start/run, enter "cmd" to get to the command prompt......type "ping mydcservername"  and it should now resolve to the IP address and give you four solid replies.....then restart your laptop, login to the domain, with a domain user account...start the VPN...and you will [I hope, ;-) ]  be able to access your network shares.....
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11974463
"on on line":  should read "on one line"
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11974486
Hold it, hold it......I just screwed up....I copied from one of my lmhosts files...and the part of the line that reads:

"#PRE #DOM:main"        main is one of my domains....you need to substitute the name of your domain in place of "main"
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11974501
and don't forget, you don't use the quotation marks I have put around things...... :-)
0
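Added example (not part of the original thread, and not JConchie's own file): a short Python check for an LMHOSTS mapping line that catches the two slips corrected in the follow-up comments above, a #DOM domain copied from someone else's file and pasted quotation marks. SERVER01, 192.168.1.1 and JES-Engineer come from the thread; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

def parse_lmhosts_line(line):
    """Split one LMHOSTS mapping line into fields; None for comments/blank lines."""
    fields = line.split()
    if len(fields) < 2 or fields[0].startswith("#"):
        return None
    entry = {"ip": fields[0], "name": fields[1], "pre": False,
             "dom": None, "quoted": '"' in fields[0]}
    for tok in fields[2:]:
        if '"' in tok:                      # quotes pasted around keywords
            entry["quoted"] = True
            tok = tok.replace('"', "")
        # Keywords are matched in the uppercase form used in the thread.
        if tok == "#PRE":
            entry["pre"] = True
        elif tok.startswith("#DOM:"):
            entry["dom"] = tok[len("#DOM:"):]
        elif tok.startswith("#"):
            break                           # any other '#' starts a free-text comment
    return entry

def lint_lmhosts_line(line, expected_domain):
    """Return a list of problems found in one mapping line (empty list = clean)."""
    entry = parse_lmhosts_line(line)
    if entry is None:
        return ["not a mapping line"]
    problems = []
    try:
        ipaddress.IPv4Address(entry["ip"].strip('"'))
    except ValueError:
        problems.append("invalid IPv4 address")
    if len(entry["name"].strip('"')) > 15:  # NetBIOS names hold at most 15 characters
        problems.append("NetBIOS name longer than 15 characters")
    if entry["quoted"]:
        problems.append("quotation marks around address or keywords")
    if entry["dom"] is not None:
        if entry["dom"].upper() != expected_domain.upper():
            problems.append(f"#DOM names {entry['dom']!r}, expected {expected_domain!r}")
        if not entry["pre"]:                # #DOM entries are only preloaded with #PRE
            problems.append("#DOM without #PRE: entry is not preloaded")
    return problems

# Constructed sample lines: the line as first posted, then with the thread's values.
AS_POSTED = "192.168.1.1            myservername         #PRE #DOM:main      #our DC"
CORRECTED = "192.168.1.1            SERVER01             #PRE #DOM:JES-Engineer  #our DC"
QUOTED = '192.168.1.1            SERVER01             "#PRE #DOM:JES-Engineer"'

if __name__ == "__main__":
    for sample in (AS_POSTED, CORRECTED, QUOTED):
        print(lint_lmhosts_line(sample, "JES-Engineer") or "ok")
```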
 
LVL 18

Expert Comment

by:JConchie
ID: 11974517
and it is a good thing, in your situation, to have NetBIOS enabled.
0
 

Author Comment

by:jamesesmith
ID: 11974803
Heh, should I copy an lmhost file from the laptop that has the VPN working?
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11975058
If you have one and it contains the name and IP of your DC......sure....  :-)
0
 

Author Comment

by:jamesesmith
ID: 11975345
It is still not working... I can ping the server 192.168.1.1 and I can ping it by the name SERVER01... but I cannot see anything on the network.

0
 

Author Comment

by:jamesesmith
ID: 11975798
As far as the DNS Settings, I am not sure how they are set up.  How should they be configured?
0
 

Author Comment

by:jamesesmith
ID: 11975992
And now the internet explorer will not work when I hook the LAN back up....
0
 

Author Comment

by:jamesesmith
ID: 11976322
Tell me if you think this is the problem...

When I am connected to Dial-Up and 'supposedly' connect to the VPN, I ran ipconfig and everything looked fine except the VPN Connection didn't have a default gateway.  It had an IP and a Subnet.
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11976498
Brandon,
I'm about to leave for the weekend....will have to pursue this next week....how are you setting up the VPN?  Do you have a DNS server running on your LAN?  Also what permissions do you have set on your shares?
0
 

Author Comment

by:jamesesmith
ID: 11976554
Yes, we have a DNS Server running on the LAN, and I have all the permissions set fine for the shares because I can access them all from my other laptop.
0
 

Author Comment

by:jamesesmith
ID: 11976602
Do you know why I might now be getting a Default Gateway on the XP Laptop?
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11976613
No, what is the IP address of it....and how are you accessing the internet? Do you have a firewall.....what are you using to set up VPN?  Need to understand setup of your network better to do anything more with this.
0
 

Author Comment

by:jamesesmith
ID: 11976707
I am accessing the internet using Cox Dial-Up services.  Yes, we have a Norton Personal Firewall set up on every computer on the network.  I am using SoftRemote LT to set up the VPN.

I checked the 'use default gateway' box on the tcp/ip of the VPN, and I now have a default gateway, but it won't let me access the internet, and I still can't see the network.  I can ping the server though...

Here is what I am seeing from ipconfig... Cox is the dial-up  and our server is 192.168.1.200

Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
PPP adapter Cox:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 66.76.6.194
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 66.76.6.194
PPP adapter JES VPN:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.4
0
 
LVL 18

Expert Comment

by:JConchie
ID: 11976786
The default gateway on the machine is set to point to itself....that's why you can't get out to the internet.....use the IP address of your interior LAN gateway and that should get you out to the internet.  Got to go, will check in with you on Tuesday.
0
 

Author Comment

by:jamesesmith
ID: 11976912
Thanks for your help!  
0
 

Author Comment

by:jamesesmith
ID: 11977437
I checked the log for the router, and I can see the Laptop trying to connect, but then a red line shows up like the following:

IKE[71] ** Check your Encryption and Authentication method settings !

Thanks,
Brandon
0
 

Author Comment

by:jamesesmith
ID: 12008236
Thanks for your help, I am going to open up another question with the specific details of the problem.
0
