Solved

XP Credentials do not pass through correctly using VPN

Posted on 2006-06-14
Last Modified: 2008-03-17
Hi, I have a strange problem with Windows XP. Here is the setup:

Windows 2003 domain, XP Clients.
Outlook in cached mode, My documents redirected to their home drive and synchronizing at logon and logoff.
Remote users have ADSL / Broadband and connect to the office using SonicWall VPN Client. Nearly all users connect successfully and work on shared files, Outlook etc with no problems. 3 Users have the following problem:
They connect the VPN connection successfully.
Outlook does not connect. After about 5 minutes a login prompt appears from the Exchange server. If the user inputs their credentials they receive a message stating that this combination of username/password has already been tried. They get the same message when trying mapped drives.

I have got all three users to log in at the office and they have no problems. Their passwords are set to never expire.
Now the really weird bit - At the office I have a separate ADSL line for testing purposes. I connect these users' machines on this line, connect the VPN client and everything works fine. The users take the machines home and have the same problems. From their homes with the VPN connected they can ping any server by IP address or FQDN. I can make Remote Desktop connections to them and remote connections from the clients to the servers. If they map a drive from their machine the same password problem occurs, but if I enter different credentials the mapping works fine.
All three users are using different ISPs. One is AOL, one is cable (Telewest), the other is ADSL from a BT reseller.

Any ideas anyone?

Thanks

Stewart
Question by:ssmith764
11 Comments
 
LVL 18

Expert Comment

by:carl_legere
ID: 16908829
Try lowering the client's MTU.
Go right for the jugular and set it to 1300, see if it helps, then bump up in increments of 40.

http://www.dslreports.com/drtcp
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16909632
Where would I set the MTU. On the router or the client?
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16909769
Ok, just read the page from the link. I will try this.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16910534
If the issue is fragmentation and solved by MTU, then you know that the router is the problem, but you tweak the situation to your benefit on the workstation.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16910542
By "the router is the problem" I mean the router at the remote location, not the SonicWall.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16920584
Hi Carl,

I have tried this on 2 of the users' machines but it still does not work. Telewest, NTL and AOL have also been no help at all. I saw an article which suggested that the MTU when using VPNs on AOL should be 1400. I have tried this but still no joy. Also the user that I thought was using ADSL is actually on NTL cable and I think that NTL and Telewest are now the same company. We have approx 20 remote users who connect with no problem at all; most of them use ADSL.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17071819
Update on this question:

I have tried the following:

Created a test user - joe bloggs - and logged in to each affected user's machine as this user and created an Outlook profile. Tested this user on the ADSL line in the office. All 3 users have then tried to connect from home as this user. They are ABLE to connect as this user with Outlook and mapped drives with no login prompts.

I have deleted their profiles from the machines and re-added them. They still cannot connect.
I have deleted their user accounts and mailboxes and recreated them. This still does not work. I have given a user a brand new laptop out of the box and set them up on it and he cannot connect using this either.
All users work fine on the ADSL line in the office. The problem seems to point to their ISPs, but if this is the case why does the test user work on all their home connections?
Help!
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17295488
I have now opened a case with Microsoft and will post the results here.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17474798
Here's the fix if anyone's interested:
Kerberos packets are sent as UDP by default. Certain users' Kerberos packets can exceed the Windows 2003 limit of 1465 bytes and will be fragmented. These will be dropped if they arrive out of order. The fix is to force Kerberos to use TCP so any dropped packets will be re-sent.

http://support.microsoft.com/?id=244474
0
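A small model of the failure described in the fix above, added here as an illustration and not part of the original thread or of Microsoft's article. It assumes the threshold behaviour documented in KB 244474 (messages larger than `MaxPacketSize` go over TCP, and a value of 1 forces TCP); the message sizes and the tunnel MTU are constructed sample values.

```python
import math

IP_HEADER = 20    # bytes, IPv4 header without options
UDP_HEADER = 8    # bytes
DEFAULT_MAX_PACKET_SIZE = 1465   # XP/2003 default quoted in the thread
FORCE_TCP = 1     # MaxPacketSize value KB 244474 gives for forcing TCP
# Assumption from KB 244474: the value is a REG_DWORD named MaxPacketSize under
# HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters on the client.


def udp_fragments(krb_msg_len, path_mtu):
    """Number of IPv4 fragments needed to carry one Kerberos message over UDP."""
    datagram = UDP_HEADER + krb_msg_len
    if IP_HEADER + datagram <= path_mtu:
        return 1
    # Every fragment except the last carries a multiple of 8 payload bytes.
    per_fragment = (path_mtu - IP_HEADER) // 8 * 8
    return math.ceil(datagram / per_fragment)


def assess(krb_msg_len, path_mtu, max_packet_size):
    """Return (transport, fragments, at_risk) for one Kerberos message."""
    if krb_msg_len > max_packet_size:
        # TCP segments are sized to the path and retransmitted when lost.
        return ("tcp", 0, False)
    frags = udp_fragments(krb_msg_len, path_mtu)
    # UDP has no retransmission: losing one fragment loses the whole message.
    return ("udp", frags, frags > 1)


# Constructed samples: a small ticket (new test account) and a larger one.
SAMPLES = {"test user": 900, "affected user": 1400}
TUNNEL_MTU = 1300   # hypothetical effective MTU on a home VPN path


def report(max_packet_size, path_mtu=TUNNEL_MTU):
    """Assess every sample message under one MaxPacketSize setting."""
    return {name: assess(size, path_mtu, max_packet_size)
            for name, size in SAMPLES.items()}


if __name__ == "__main__":
    for label, setting in (("default", DEFAULT_MAX_PACKET_SIZE),
                           ("forced TCP", FORCE_TCP)):
        for name, result in report(setting).items():
            print(f"{label:10} {name:14} {result}")
```

The 1400-byte message stays under the 1465-byte threshold, so it is sent over UDP, yet it no longer fits the smaller tunnel MTU and is split in two; the 900-byte message from the fresh test account fits in a single packet on the same path.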
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17839304
PAQed with points refunded (500)

Computer101
EE Admin
0
