Solved

XP Credentials do not pass through correctly using VPN

Posted on 2006-06-14
Last Modified: 2008-03-17
Hi, I have a strange problem with Windows XP. Here is the setup:

Windows 2003 domain, XP Clients.
Outlook in cached mode, My documents redirected to their home drive and synchronizing at logon and logoff.
Remote users have ADSL / Broadband and connect to the office using SonicWall VPN Client. Nearly all users connect successfully and work on shared files, Outlook etc with no problems. 3 Users have the following problem:
They connect the VPN connection successfully.
Outlook does not connect. After about 5 minutes a login prompt appears from the Exchange server. If the user inputs their credentials they receive a message stating that this combination of username/password has already been tried. They get the same message when trying mapped drives.

I have got all three users to login at the office and they have no problems. Their passwords are set to never expire.
Now the really weird bit - At the office I have a separate ADSL line for testing purposes. I connect these users' machines on this line, connect the VPN client and everything works fine. The users take the machines home and have the same problems. From their homes with the VPN connected they can ping any server by IP address or FQDN. I can make Remote desktop connections to them and remote connections from the clients to the servers. If they map a drive from their machine the same password problem occurs but if I enter different credentials the mapping works fine.
All three users are using different ISPs. One is AOL, one is cable (telewest) the other is ADSL from a BT reseller.

Any ideas anyone?

Thanks

Stewart
Question by:ssmith764

Expert Comment

by:carl_legere
ID: 16908829
Try lowering the client's MTU.
Go right for the jugular and set it to 1300, see if it helps, then bump up in increments of 40.

http://www.dslreports.com/drtcp

Author Comment

by:ssmith764
ID: 16909632
Where would I set the MTU? On the router or the client?

Author Comment

by:ssmith764
ID: 16909769
Ok, just read the page from the link. I will try this.

Expert Comment

by:carl_legere
ID: 16910534
If the issue is fragmentation and solved by MTU, then you know that the router is the problem, but you tweak the situation to your benefit on the workstation.

Expert Comment

by:carl_legere
ID: 16910542
By "the router is the problem" I mean the router at the remote location, not the SonicWall.

Author Comment

by:ssmith764
ID: 16920584
Hi Carl,

I have tried this on 2 of the users' machines but it still does not work. Telewest, NTL and AOL have also been no help at all. I saw an article which suggested that the MTU when using VPNs on AOL should be 1400. I have tried this but still no joy. Also the user that I thought was using ADSL is actually on NTL cable and I think that NTL and Telewest are now the same company. We have approx 20 remote users who connect with no problem at all; most of them use ADSL.

Author Comment

by:ssmith764
ID: 17071819
Update on this question:

I have tried the following:

Created a test user - joe bloggs - and logged in to each affected user's machine as this user and created an Outlook profile. Tested this user on the ADSL line in the office. All 3 users have then tried to connect from home as this user. They are ABLE to connect as this user with Outlook and mapped drives with no login prompts.

I have deleted their profiles from the machines and re-added them. They still cannot connect.
I have deleted their user accounts and mailboxes and recreated them. This still does not work. I have given a user a brand new laptop out of the box and set them up on it and he cannot connect using this either.
All users work fine on the ADSL line in the office. The problem seems to point to their ISPs but if this is the case why does the test user work on all their home connections?
Help!

Author Comment

by:ssmith764
ID: 17295488
I have now opened a case with Microsoft and will post the results here.

Author Comment

by:ssmith764
ID: 17474798
Here's the fix if anyone's interested:
Kerberos packets are sent as UDP by default. Certain users' Kerberos packets can exceed the Windows 2003 limit of 1465 bytes and will be fragmented. These will be dropped if they arrive out of order. The fix is to force Kerberos to use TCP so any dropped packets will be re-sent.

http://support.microsoft.com/?id=244474
0
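
The fix described in the post above, as an added example that is not part of the original thread: a PowerShell script that reports the Kerberos `MaxPacketSize` registry value on a client and, when run with `-Apply`, sets it to 1, the value KB244474 documents for forcing Kerberos over TCP. The `-Apply` switch and the function name are this example's own.

```powershell
# Added example: audit / apply the "force Kerberos over TCP" client setting (KB244474).
# Run from an elevated prompt on the affected client. A restart is needed afterwards.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$name = 'MaxPacketSize'

function Get-KerberosMaxPacketSize {
    # Returns $null when the value is absent, i.e. the OS default applies.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$name }
    return $null
}

$current = Get-KerberosMaxPacketSize
if ($null -eq $current) {
    Write-Output "MaxPacketSize is not set: the OS default transport behaviour applies."
} elseif ($current -eq 1) {
    Write-Output "MaxPacketSize = 1: Kerberos is forced to TCP."
} else {
    # ${current} is braced so the following ':' is not parsed as a scope qualifier.
    Write-Output "MaxPacketSize = ${current}: only messages above this size switch to TCP."
}

if ($Apply -and $current -ne 1) {
    # The Parameters subkey may not exist on a default install.
    if (-not (Test-Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 1')) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "Set $name = 1. Restart the computer for the change to take effect."
    }
}
```

Running it with `-Apply -WhatIf` shows the registry changes without making them.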
 

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17839304
PAQed with points refunded (500)

Computer101
EE Admin