Can't connect to Terminal Server over VPN from Windows 2000 clients, Only XP Professional

Posted on 2004-09-27
Last Modified: 2010-04-14
We have 2 servers. One is the PDC running SBS 2000 Server and the 2nd is a BDC set up as a VPN/Terminal Server.

The VPN server has only one network card and we are passing port 1723 through a 3Com OfficeConnect Firewall to the internal IP address of the VPN server.

Any remote client CAN successfully connect and authenticate to the VPN Server regardless of OS.

The problem is that only XP Professional remote PCs can connect to the VPN/TS via its internal IP address. Windows 2000 Professional clients cannot connect to the Terminal Server and also cannot ping it by IP address.

Since Terminal Services and VPN Services are set up properly, what is different between Win 2000 Pro and XP Pro which is preventing some clients from hitting the TS?

I have tried 2 different Win 2000 Pro clients on different remote networks and neither can ping the TS while an XP Pro client on the same remote network has no problem whatsoever. I have set up all PCs to use the default gateway setting in the VPN client.
Question by:amkbailey

Expert Comment

ID: 12162977
Before we try troubleshooting, how many remote clients are at this particular site?

Accepted Solution

dlwyatt82 earned 250 total points
ID: 12163007
I answered a question very similar to this a month or so ago... the problem turned out to be that on both sides of the VPN (in the office and on the home network), the connections were going through a cable router, and the cable routers were both set up to use the same private subnet address (192.168.1.*).

Is this how you have your network set up by any chance? If so, change the subnet you're using on one side or the other of the VPN so they're not identical anymore, and your routing problems will clear up.

Author Comment

ID: 12163030
There will be 4 remote sites with about 5 PCs at each site.

Corporate has about 20 PCs.

Author Comment

ID: 12163040
Yes, all remote sites have the same subnet address as corporate, but what is odd is that XP Pro handles the routing fine.

Is this an improvement in XP that allows it to work properly versus Win 2000 Professional?

Expert Comment

ID: 12163254
No, it's just a slight difference in which network adapter gets listed in the routing tables for your 192.168.1. whatever subnet. You'll find that on the XP systems, you can't ping anything LOCAL while you're connected to the VPN... you can only connect to systems on the remote network. Windows 2000 does the opposite, but neither can really be considered a "bug" or "improvement" since it's a faulty IP network design that is the root of the problem.

Expert Comment

ID: 12163276
If feasible, you may want to look at having each remote be a LAN-to-LAN connection instead of client-to-LAN. That way you only have to worry about one connection from each remote, instead of 30 clients.

You may want to consider setting up separate IP segments for each remote site to help the segmentation of your network for easier admin.
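
The routing ambiguity and the renumbering fix discussed in the comments above, as an added example that is not part of the original thread. It assumes a simplified route lookup (longest prefix, then lowest metric); the site names, the Terminal Server address 192.168.1.10 and the 10.10.0.0/16 pool are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan: corporate plus four remote sites, all on the
# same default router subnet, as in the thread. Site names are hypothetical.
SITES = {"corporate": "192.168.1.0/24", "site1": "192.168.1.0/24",
         "site2": "192.168.1.0/24", "site3": "192.168.1.0/24",
         "site4": "192.168.1.0/24"}

def pick_route(dest, routes):
    """Simplified lookup (an assumption, not Windows' own code):
    longest prefix wins, lowest metric breaks ties.
    routes is a list of (cidr, interface, metric) tuples."""
    ip = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(c), i, m) for c, i, m in routes]
    hits = [h for h in hits if ip in h[0]]
    if not hits:
        return None
    return min(hits, key=lambda h: (-h[0].prefixlen, h[2]))[1]

def find_overlaps(sites):
    """Return every pair of site names whose subnets overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def renumber(sites, keep, pool="10.10.0.0/16"):
    """Keep one site's subnet; move each colliding site to a free /24."""
    used = [ipaddress.ip_network(sites[keep])]
    plan = {keep: sites[keep]}
    free = ipaddress.ip_network(pool).subnets(new_prefix=24)
    for name in sorted(n for n in sites if n != keep):
        net = ipaddress.ip_network(sites[name])
        if any(net.overlaps(u) for u in used):
            net = next(c for c in free
                       if not any(c.overlaps(u) for u in used))
        used.append(net)
        plan[name] = str(net)
    return plan

if __name__ == "__main__":
    same = "192.168.1.0/24"
    # Same prefix on both adapters: the metric alone decides, so one side
    # of the VPN is always unreachable from the client.
    print(pick_route("192.168.1.10", [(same, "lan", 10), (same, "vpn", 20)]))
    print(pick_route("192.168.1.10", [(same, "lan", 20), (same, "vpn", 10)]))
    plan = renumber(SITES, keep="corporate")
    print(find_overlaps(SITES), plan, find_overlaps(plan))
```

With identical prefixes the answer flips with the adapter metric, which matches the opposite behaviour the thread reports for the two client versions; once the remote LAN is renumbered, both destinations resolve unambiguously.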
