Can't login new user via wireless over VPN

Hi all,

I've set up a new site off an existing SBS2k3 network and connected it via a VPN. The remote site works entirely off wireless. There are 2 notebooks and 1 desktop.

On the notebooks I initially logged both users in whilst setting the network up whilst at the main site, hence a local set of credentials was created and they can work via the VPN fine at the moment.

My issue is I only logged administrator in on the desktop, and now neither of the 2 users at the remote site can logon because there aren't any cached credentials on the computer.

The desktop is using a Linksys USB adapter (WUSB54GP - Using Windows Zero Config not a proprietary connection manager) that works perfectly immediately from login for the Administrator. I have also enabled the GPO for "waiting for network connections" as per other posts here. The WZC service is set to Auto - so I would assume it's starting at boot?

How do I get new users without locally cached profiles to be able to log onto these machines? Linksys support was particularly unhelpful.

If anyone has succeeded in doing this, pls let me know.

Asked: gorlaz

Jay_Jay70 Commented:
Hi gorlaz,

you need to get those machines local so that you can cache those credentials - without them there is nothing you can do to get in

gorlaz (Author) Commented:
Hi Jay_Jay70,

Thanks for the prompt reply,

There's got to be something surely? Surely MS aren't so silly as to create such a big catch22.

Something that just occurred to me is that I haven't tried cabling the machine directly back to the remote site's router and try it that way, I was hoping to avoid getting the guys there to move the computer as there is every possibility something might get "broken".

Anyone else?

Jay_Jay70 Commented:
if you can get a direct connection then problem solved, but otherwise you're in a pickle :)

gorlaz (Author) Commented:
Hmm...

Or maybe not...

I've connected the PC directly to the router and still can't get the new user to log on (I dc'd the wireless temporarily). Administrator will still log on and can access the TS on the other end of the VPN so it seems to be working ok.

Are there any obscure permissions that might be needed to give either the computer account or the user to let them log onto the PC on the remote end of the VPN?

Jay_Jay70 Commented:
depends on your VPN setup - you basically have to be able to contact the DC as if you were connected directly into it locally.... which you get when you connect wireless, then through the VPN etc.

gorlaz (Author) Commented:
Fair enough - there are some funky DNS issues going on at the moment, so even though they can access the DC's resources, I don't think they can ping/resolve the DC's name or IP. I'm guessing this is preventing the DC from being contacted.

Will confirm.

Jay_Jay70 Commented:
if it is then you can do some manual editing

gorlaz (Author) Commented:
Sry - what sort of manual editing? you mean hosts files?

Jay_Jay70 Commented:
that's them - if it's DNS related then lmhost file may be your answer but you need to confirm first - what kind of VPN do you have set up?

Fatal_Exception Commented:
On the far side of the VPN, you are using a different subnet range, are you not?

And as Jay mentions, what is your VPN setup here?  Hardware to a VPN concentrator (like a Cisco 3000?)

gorlaz (Author) Commented:
VPN is IPsec over L2TP with 3DES between 2 Draytek Vigors.

Far side of VPN is a different subnet range. So, site where server and TS are is the 10.0.0.x range with server 10.0.0.1 and TS as 10.0.0.2 and remote site is 10.10.0.x range. Routers on both sides are 10.x.0.9.

From the remote site I can ping the TS (via name and IP) and the main site's router but not the Server's name or IP.

gorlaz (Author) Commented:
Sry - one more thing - the Draytek Vigors are the routers on either end handling the VPN as well.

Jay_Jay70 Commented:
not the server's name or IP - I take it you are referring to the Domain Controller here?

gorlaz (Author) Commented:
Sorry yes, the server is the DC

Jay_Jay70 Commented:
ok, at least you know you can ping across the VPN to machines on the same subnet...... is there any firewall enabled that we should know about?

gorlaz (Author) Commented:
ISA would be on the DC/Server. I haven't configured/changed anything in ISA since I dropped the new subnet/VPN in. I can't currently get to the server to confirm what is there sorry.

Only other firewalls would be the hardware firewalls on the Drayteks, which haven't had any customisations made to the default packet scanning.

Jay_Jay70 Commented:
hmm I don't know anything about ISA but I would say that's where your problem is lying..... you are going to have to allow access through to the DC itself

gorlaz (Author) Commented:
Np, I'll have a look tonight and post back. Thanks for the help so far.

Jay_Jay70 Commented:
tis no problem mate :) we are getting closer :)

Fatal_Exception Commented:

gorlaz (Author) Commented:
Righteo - turns out it wasn't the VPN between the routers as such causing the issues.

ISA on the main server was blocking pings and other IP traffic due to rules being set but the firewall not being turned on - this stopped various name resolutions and definitely stopped the logon process from being able to contact the DC and so authenticate properly.

A lot of other issues I had are now resolved as well :) (Funny that)

On the remote side of the VPN the router DNS config was changed for the first DNS to be the main server and the second DNS to point to the internet provider in case of the link going down.
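
The failure described in this thread (VPN up, other hosts pingable, but the logon path to the DC blocked) can be checked from a remote-site PC before a new user tries to log on. The script below is an added example, not part of the thread: it assumes a current Windows client with PowerShell, the domain name is a placeholder, and the port list is the usual set for a domain logon rather than anything the posters gave.

```powershell
# Added example: is the domain controller resolvable and reachable over the VPN?
# Run from a local administrator session on the remote-site PC.
param(
    [string]$Domain    = 'example.local',  # placeholder AD DNS domain (assumption)
    [string]$DcAddress = '10.0.0.1'        # server/DC address quoted in the thread
)

# TCP services a first-time domain logon normally depends on.
# DNS and Kerberos also use UDP, which this TCP-only probe does not cover.
$services = @(
    @{ Port = 53;  Name = 'DNS' },
    @{ Port = 88;  Name = 'Kerberos' },
    @{ Port = 135; Name = 'RPC endpoint mapper' },
    @{ Port = 389; Name = 'LDAP' },
    @{ Port = 445; Name = 'SMB (SYSVOL/NETLOGON)' }
)

# 1. DC location: the client finds a DC through this SRV record, so it must
#    resolve against the DNS server the remote site is configured to use.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$dnsOk = $false
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($record in $srv) {
        "DNS  OK    $srvName -> $($record.NameTarget)"
        $dnsOk = $true
    }
} catch {
    "DNS  FAIL  $srvName did not resolve; check the client's DNS server order"
}

# 2. Reachability: a firewall on the DC can drop these even when pings to
#    other hosts on the same subnet succeed.
$blocked = @()
foreach ($svc in $services) {
    $open = Test-NetConnection -ComputerName $DcAddress -Port $svc.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($open) { "TCP  OK    $($svc.Port)  $($svc.Name)" }
    else       { "TCP  FAIL  $($svc.Port)  $($svc.Name)"; $blocked += $svc.Port }
}

# 3. Summary: either failure is enough to stop a logon without cached credentials.
if ($dnsOk -and $blocked.Count -eq 0) {
    'RESULT: DC is locatable and reachable; new users should be able to log on.'
} else {
    "RESULT: logon path incomplete (DNS ok: $dnsOk; blocked ports: $($blocked -join ', '))."
}
```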

gorlaz (Author) Commented:
Re points - Jay Jay - thanks for the persistent help - got the ball rolling
Fatal_Exception - made me get more info on the ISA side.

Jay_Jay70 Commented:
good stuff, glad all is well

Fatal_Exception Commented:
Well, been out of state all week working on my network, but glad to see this is resolved, and thanks!