Solved

Win 2000 VPN Server, XP VPN Client, Issues

Posted on 2004-10-26
348 Views
Last Modified: 2011-04-14
Greetings,

I have 2 Win 2K Server machines connected to a router (T1) that is wide open with no NAT or other network security devices.  Both machines are running BlackIce firewall.  Both machines have a 2nd NIC to the LAN.  We are not using DHCP.  We are using static IPs and there are less than 20 client machines on the LAN.

One of the Win 2K servers has RRAS running.  It is also acting as a WINS server, file server, and a proxy server for the LAN.  The other server is an internet server running IIS.

Here's the rub.  I can connect to the VPN from my Win 2000 machine at home, (as well as a 98 machine).  Even though I cannot ping any IPs on the LAN at the office (from my home machine), nor UNC names, I can "search for computers", find any machine on the office LAN through the VPN, and map network shares via that methodology...

With an XP VPN client, I can connect, I still have the same "pinging/UNC" issues, but I cannot "search for computers", and find anyone, (computers), on the VPN-LAN.  It may or may not be important, but all machines on the LAN (as well as my home 2k machine) have Netbeui installed as a protocol (even the XP machine at the office).  The problem (maybe) is that the XP VPN Client will not allow installation of that Netbeui protocol to the VPN network connection, while the 2k VPN client will.

And there you have it.
0
Question by:autorealty
    11 Comments
     
    LVL 7

    Expert Comment

    by:blin2000
    you may have a master browser issue. quoted from http://www.chicagotech.net

    How do I know I have a browser problem

    When you open My Network Places, the computer list you see is obtaining from the master browser of your network. You have a master browser issue if you have the following symptoms. 1) If you can ping a computer name, you can search it, you can map it,  but that computer doesn't show or take long time to show up on My Network Places.
    2) Net view command shows no lists or shows "System error 6118 has occurred. The list of servers for this workgroup is not currently available".
    3) when clicking on Computers Near Me in My Network Places or workgroup name in Entire Network, the following error message may appear: "Cannot Access 'Computers Near Me' " or "Workgroup is not accessible" errors.
    4) when click workgroup name under Entire Network Places, you get "Workgroup is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permission.  The list server for this workgroup is not currently available."
    5) Windows Explorer or My Network Places take a long time to open.
    6) Event logs on servers show many master browser election messages.

    0
     

    Author Comment

    by:autorealty
    OK,

    On the 2 multihomed servers, I unchecked "Client for Microsoft Networking" on the WAN connection(s), and enabled "NetBios over TCP/IP" on the LAN connection(s).  This seems to have resolved all browser issues on the LAN.  All client machines on the LAN can now ping NetBios names and browse all computers.

    The VPN Clients however, still exhibit the same symptoms as before.  My 2000 machine at home can ping the internal LAN IP of the VPN server but cannot ping any other computers on the LAN.  It cannot ping any NetBios names on the LAN including the VPN server.  I can however map a UNC/Share connection to the same computers on the LAN that I cannot ping.  These mapped shares seem to work fine.

    On an XP VPN Client, all above is true with the exception that I cannot map any UNC/Share connections.

    All VPN clients have no issues with authenticating and connecting.

    One thing that is different between the 2000 VPN client and the XP VPN client, is that the XP VPN client does not allow adding NetBEUI as a protocol to the VPN connection even though it can be added to its regular network connection.
    0
     
    LVL 7

    Expert Comment

    by:blin2000
    you may want to use browstat.exe to check the master browser issue. for more details, go t http://www.chicagotech.net.
    0
     

    Author Comment

    by:autorealty
    blin2000,

    I truly do not mean to be rude, but if all you are going to do is keep pointing me towards chicagotech.net, anything after twice is more than redundant and will not earn an "accepted answer".

    Please tell me something meaningful about how browstat.exe's output relates to my issue described above.  That is something chicagotech.net does not do.

    Thanks
    0
     
    LVL 4

    Expert Comment

    by:sriwi
    First of all, netbeui is not supported anymore on WinXP, so i don;t think it is the problem, how do you get netbeui on XP ? it doesn;t even comes up on mine.

    I would check your blackice firewall, to make sure that settings for pings, or ICMP packet are enabled, or try to disable the firewall and see what happens.

    From what i can try go grasp from your description, try to uninstall all of the netbeui protocol on win98,2000, and use only Tcp/IP as your standard networking protocol, and work your way up from there.

    Cheers
    0
     

    Author Comment

    by:autorealty
    sriwi,

    The answer to your question is here: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/netbeui.mspx

    With the firewall disabled on the server as well as client, I get the same results.

    I will try removing NetBEUI tommorrow.  My guess is that the Win 2000 VPN Client will then start behaving like the XP VPN Client, and not be able to map shares.  We shall see.
    0
     
    LVL 4

    Expert Comment

    by:sriwi


    Quote from the page " NetBEUI is a non-routable protocol suitable for small networks "

    cheers
    0
     

    Author Comment

    by:autorealty
    Unchecking NetBEUI on all machines results in the same for the XP VPN Client, and now the Win 2000 VPN Client is no longer able to map shares.  When I click on one of the previously mapped shares listed under "My Network Places", I get "The Network Path was not found".

    sriw,

    I infer from your previous post that "non-routable protocol"  is significant to you.  The fact of the matter remains, that my Win2000 VPN Client "works" where NetBEUI is present on both VPN server and client.  I cannot add NetBEUI to the XP VPN client.  And the Win2000 VPN Client fails when I remove NetBEUI from the server and/or the client.

    By the way, blin 2000,

    I was sincere about not wanting to be rude.  I would gladly post browstat.exe output if still relevant.
    0
     

    Author Comment

    by:autorealty
    Well,

    Its been almost 2 weeks without any posts from anyone.  Not really knowing where else to go with this I have decided to revisit the master browser thing.  Maybe the following will spark some suggestions:

    Net View, from my home machine prior to connecting to VPN:

          C:\WINNT\system32>net view
          Server Name            Remark
          ----------------------------------------------------------------------------
          \\HOMEBOY
          \\RICHARD
          The command completed successfully.

    NbtStat, from my home machine prior to connecting to VPN:

          C:\WINNT\system32>nbtstat -n

          On-board NIC:
          Node IpAddress: [67.170.179.125] Scope Id: []

                          NetBIOS Local Name Table

                 Name               Type         Status
              ---------------------------------------------
              HOMEBOY        <00>  UNIQUE      Registered
              WORKGROUP      <00>  GROUP       Registered
              HOMEBOY        <20>  UNIQUE      Registered
              WORKGROUP      <1E>  GROUP       Registered
              WORKGROUP      <1D>  UNIQUE      Registered
              ..__MSBROWSE__.<01>  GROUP       Registered

    Browstat, from my home machine prior to connecting VPN:

          C:\Program Files\Network Tools>browstat status

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{310920E3-0018
          -4C7F-93CB-D1F6B367409B}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{849453AF-7B53
          -457E-B22E-9BD184D10A18}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{6F2A38AC-24C1
          -456A-BDD3-73A14B5A312E}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfIn{819A7FD6-F268-
          48EB-A2CF-0A989C907585}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfIn{B189170D-2453-
          45CE-B7EE-7F7457B6B362}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_{3BEC73CD-0D10-456D-A05B-74
          540D738068}
              Browsing is active on domain.
              Master browser name is: HOMEBOY
                  Master browser is running build 2195
              1 backup servers retrieved from master HOMEBOY
                  \\HOMEBOY
              There are 1 servers in domain WORKGROUP on transport
          \Device\Nbf_{3BEC73CD-0
          D10-456D-A05B-74540D738068}
              There are 1 domains in domain WORKGROUP on transport
          \Device\Nbf_{3BEC73CD-0
          D10-456D-A05B-74540D738068}

          Status for domain WORKGROUP on transport
          \Device\NetBT_Tcpip_{3BEC73CD-0D10-456D
          -A05B-74540D738068}
              Browsing is active on domain.
              Master browser name is: HOMEBOY
                  Master browser is running build 2195
              1 backup servers retrieved from master HOMEBOY
                  \\HOMEBOY
              Unable to retrieve server list from HOMEBOY: 64

    Net View, from my home machine, AFTER connecting to VPN:

          C:\WINNT\system32>net view
          Server Name            Remark
          ----------------------------------------------------------------------------
          \\HOMEBOY
          \\RICHARD
          The command completed successfully.

    NbtStat, from my home machine, AFTER connecting to VPN:

          C:\WINNT\system32>nbtstat -n

          On-board NIC:
          Node IpAddress: [67.170.179.125] Scope Id: []

                         NetBIOS Local Name Table

                Name               Type         Status
             ---------------------------------------------
             HOMEBOY        <00>  UNIQUE      Registered
             WORKGROUP      <00>  GROUP       Registered
             HOMEBOY        <20>  UNIQUE      Registered
             WORKGROUP      <1E>  GROUP       Registered
             WORKGROUP      <1D>  UNIQUE      Registered
             ..__MSBROWSE__.<01>  GROUP       Registered

          Device\NetBT_Tcpip_{88E189F5-E53B-4241-9DF2-750104724F9E}:
          ode IpAddress: [91.0.0.93] Scope Id: []

                          NetBIOS Local Name Table

                 Name               Type         Status
              ---------------------------------------------
              HOMEBOY        <00>  UNIQUE      Registered
              WORKGROUP      <00>  GROUP       Registered
              HOMEBOY        <20>  UNIQUE      Registered
              WORKGROUP      <1E>  GROUP       Registered

    Browstat from my home machine, AFTER connecting VPN:

          C:\Program Files\Network Tools>browstat status

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{310920E3-0018
          -4C7F-93CB-D1F6B367409B}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{849453AF-7B53
          -457E-B22E-9BD184D10A18}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfOut{6F2A38AC-24C1
          -456A-BDD3-73A14B5A312E}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfIn{819A7FD6-F268-
          48EB-A2CF-0A989C907585}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_NdisWanNbfIn{B189170D-2453-
          45CE-B7EE-7F7457B6B362}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

          Status for domain WORKGROUP on transport
          \Device\Nbf_{3BEC73CD-0D10-456D-A05B-74
          540D738068}
              Browsing is active on domain.
              Master browser name is: HOMEBOY
                  Master browser is running build 2195
              1 backup servers retrieved from master HOMEBOY
                  \\HOMEBOY
              Unable to retrieve server list from HOMEBOY: 64

          Status for domain WORKGROUP on transport
          \Device\NetBT_Tcpip_{3BEC73CD-0D10-456D
          -A05B-74540D738068}
              Browsing is active on domain.
              Master browser name is: HOMEBOY
                  Master browser is running build 2195
              1 backup servers retrieved from master HOMEBOY
                  \\HOMEBOY
              There are 1 servers in domain WORKGROUP on transport
          \Device\NetBT_Tcpip_{3B
          EC73CD-0D10-456D-A05B-74540D738068}
              Unable to retrieve server list from HOMEBOY: 64

          Status for domain WORKGROUP on transport
          \Device\NetBT_Tcpip_{88E189F5-E53B-4241
          -9DF2-750104724F9E}
              Browsing is NOT active on domain.
              Master name cannot be determined from GetAdapterStatus.

    Thats it.
    0
     

    Author Comment

    by:autorealty
    OK Folks,

    Thanks for all of the help - Not!

    (Lighten up everyone.  I am disappointed in my first posting experience to this site, but maybe this thread will help someone someday).

    srwi, you were sort of on track suspecting the firewall (other services), and trying to eliminate it as being the problem.

    blin2000, I really don't think you care too much about getting points on this site or solving problems as much as pointing people to chicagotech.net.  All of the other posts that I have seen by you are pretty much just links to chicagotech.net.  Maybe chicagotech.net is your baby and you are just drumming up business.  Good for you.

    The solution and the answer is, turning off the proxy server eliminated the problem.  Proxy server (WinProxy) being a legacy product that we have used since the late 1990's.  Turned it off and now using ICS.

    All is working as expected.

    0
     
    LVL 1

    Accepted Solution

    by:
    PAQed with points refunded (500)

    Computer101
    EE Admin
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
    Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    877 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now