Can't connect to Terminal Server over VPN from Windows 2000 clients, Only XP Professional

Posted on 2004-09-27
Last Modified: 2010-04-14
We have 2 servers. One is the PDC running SBS 2000 Server and the 2nd is a BDC setup as a VPN/Terminal Server.

The VPN server has only one network card and we are passing port 1723 through a 3com Officeconnect Firewall to the internal IP address of the VPN server.

Any remote client CAN successfully connect and authenticate to the VPN Server regardless of OS.

The problem is that only XP Professional remote pc's can connect to the VPN/TS via it's internal ip address. Windows 2000 Professional clients cannot connect to the Terminal Server and also cannot ping it by IP address.

Since Terminal Services and VPN Services are setup properly, what is different between Win 2000 Pro and XP Pro which is preventing some clients from hitting the TS.

I have tried 2 different Win 2000 Pro clients on different remote networks and neither can ping the TS while an XP Pro client on the same remote network has no problem whatsoever. I have setup all pc's to use the default gateway setting in the VPN client.
Question by:amkbailey
  • 2
  • 2
  • 2

Expert Comment

ID: 12162977
Before we try troubleshooting, how many remote clients are at this particular site?
LVL 14

Accepted Solution

dlwyatt82 earned 250 total points
ID: 12163007
I answered a question very similar to this a month or so ago... the problem turned out to be that on both sides of the VPN (in the office and on the home network), the connections were going through a cable router, and the cable routers were both set up to use the same private subnet address (192.168.1.*).

Is this how you have your network set up by any chance? If so, change the subnet you're using on one side or the other of the VPN so they're not identical anymore, and your routing problems will clear up.

Author Comment

ID: 12163030
There will be 4 remote sites with about 5 pc's at each site.

Corporate has about 20 pc's.

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.


Author Comment

ID: 12163040
Yes all remote sites have the same subnet address as corporate but what is odd is that XP Pro handles the routing fine.

Is this an improvement in XP that allows it to work properly versus Win 2000 Professional?
LVL 14

Expert Comment

ID: 12163254
No, it's just a slight difference in which network adapter gets listed in the routing tables for your 192.168.1. whatever subnet. You'll find that on the XP systems, you can't ping anything LOCAL while you're connected to the VPN... you can only connect to systems on the remote network. Windows 2000 does the opposite, but neither can really be considered a "bug" or "improvement" since it's a faulty IP network design that is the root of the problem.

Expert Comment

ID: 12163276
If feasible you may want  to look at having each remote being a Lan-Lan connection instead of Client to lan.  That way you only have to worry about one connection from each remote, instead of 30 clients.

You may want to consider setting up seperate IP segments for each remote site to help the segmentation of your network for easier admin.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrate DFS role 3 797
kerberos errors 7 545
Virtualise server 2000 for Hyper V 4 841
windows 2000 - Enable wifi 7 132
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now