Solved

XP Credentials do not pass through correctly using VPN

Posted on 2006-06-14
Last Modified: 2008-03-17
Hi, I have a strange problem with Windows XP. Here is the setup:

Windows 2003 domain, XP Clients.
Outlook in cached mode, My documents redirected to their home drive and synchronizing at logon and logoff.
Remote users have ADSL / Broadband and connect to the office using SonicWall VPN Client. Nearly all users connect successfully and work on shared files, Outlook etc with no problems. 3 Users have the following problem:
They connect the VPN connection successfully.
Outlook does not connect. After about 5 minutes a login prompt appears from the Exchange server. If the user inputs their credentials they receive a message stating that this combination of username/password has already been tried. They get the same message when trying mapped drives.

I have got all three users to login at the office and they have no problems. Their passwords are set to never expire.
Now the really weird bit - At the office I have a separate ADSL line for testing purposes. I connect these users' machines on this line, connect the VPN client and everything works fine. The users take the machines home and have the same problems. From their homes with the VPN connected they can ping any server by IP address or FQDN. I can make Remote Desktop connections to them and remote connections from the clients to the servers. If they map a drive from their machine the same password problem occurs but if I enter different credentials the mapping works fine.
All three users are using different ISPs. One is AOL, one is cable (Telewest), the other is ADSL from a BT reseller.

Any ideas anyone?

Thanks

Stewart
0
Question by:ssmith764
11 Comments
 
LVL 18

Expert Comment

by:carl_legere
ID: 16908829
try lowering the client's MTU
go right for the jugular and set it to 1300, see if it helps, then bump up in increments of 40

http://www.dslreports.com/drtcp
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16909632
Where would I set the MTU. On the router or the client?
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16909769
Ok, just read the page from the link. I will try this.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16910534
If the issue is fragmentation and solved by MTU, then you know that the router is the problem, but you tweak the situation to your benefit on the workstation.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16910542
By "the router is the problem" I mean the router at the remote location, not the SonicWall.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 16920584
Hi Carl,

I have tried this on 2 of the users' machines but it still does not work. Telewest, NTL and AOL have also been no help at all. I saw an article which suggested that the MTU when using VPNs on AOL should be 1400. I have tried this but still no joy. Also the user that I thought was using ADSL is actually on NTL cable and I think that NTL and Telewest are now the same company. We have approx 20 remote users who connect with no problem at all; most of them use ADSL.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17071819
Update on this question:

I have tried the following:

Created a test user - joe bloggs - and logged in to each affected user's machine as this user and created an Outlook profile. Tested this user on the ADSL line in the office. All 3 users have then tried to connect from home as this user. They are ABLE to connect as this user with Outlook and mapped drives with no login prompts.

I have deleted their profiles from the machines and re-added them. They still cannot connect.
I have deleted their user accounts and mailboxes and recreated them. This still does not work. I have given a user a brand new laptop out of the box and set them up on it and he cannot connect using this either.
All users work fine on the ADSL line in the office. The problem seems to point to their ISPs but if this is the case why does the test user work on all their home connections?
Help!
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17295488
I have now opened a case with Microsoft and will post the results here.
0
 
LVL 5

Author Comment

by:ssmith764
ID: 17474798
Here's the fix if anyone's interested:
Kerberos packets are sent as UDP by default. Certain users' Kerberos packets can exceed the Windows 2003 limit of 1465 bytes and will be fragmented. These will be dropped if they arrive out of order. The fix is to force Kerberos to use TCP so any dropped packets will be re-sent.

http://support.microsoft.com/?id=244474
0
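The fix described in the comment above, as an added example that is not part of the original thread: a script that reports the client's Kerberos `MaxPacketSize` registry value (the setting documented in the linked Microsoft article 244474) and, with `-Apply`, sets it to 1 so Kerberos always uses TCP. It assumes PowerShell is available on the client and is run elevated; the function names are hypothetical.

```powershell
# Added example: audit or set the Kerberos MaxPacketSize value (KB 244474).
# Run from an elevated PowerShell prompt on the affected client.
param([switch]$Apply)   # without -Apply the script only reports

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$Name = 'MaxPacketSize'

function Get-KerberosMaxPacketSize {
    # Returns the configured value, or $null when the value is absent
    # (the OS default applies in that case).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-IsAdministrator {
    # Hypothetical helper: true when the current token is in the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$current = Get-KerberosMaxPacketSize
if ($null -eq $current) {
    Write-Output "$Name is not set; the OS default transport threshold applies."
} elseif ($current -eq 1) {
    Write-Output "$Name = 1; Kerberos is already forced onto TCP."
} else {
    Write-Output "$Name = $current; requests up to this size still go over UDP."
}

if ($Apply -and $current -ne 1) {
    if (-not (Test-IsAdministrator)) { throw 'Writing under HKLM requires elevation.' }
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # A threshold of 1 byte means every Kerberos message exceeds it, so TCP is always used.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$Name set to 1 (was: $current). Restart the computer for it to take effect."
}
```

Running it without `-Apply` first shows which remote clients still need the change before anything is written.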
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17839304
PAQed with points refunded (500)

Computer101
EE Admin
0

Question has a verified solution.
