Solved

Issue with VPN clients accessing domain resources

Posted on 2006-07-07
11
390 Views
Last Modified: 2012-05-05
We are currently having an issue in which VPN clients that are domain members cannot access file shares or the exchange server but can ping them by name, yet VPN clients that are NOT domain members CAN access file shares and the exchange server.  

We are running a 2003 native AD
ISA 2004 SP2
Exchange 2003
XP clients

Any ideas would be greatly appreciated.

Thanks.
0
Comment
Question by:CMH_DS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
11 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17059260
sounds to me like you need to check your NTFS security permissions on your folders that you have shared (that is on the security tab on the properties of any folder)

can you elaberate on what you mean they can access the exchange server?  how are they accessing it?  Outlook client? Outlook Web? POP3? etc etc

0
 

Author Comment

by:CMH_DS
ID: 17059444
We are using Outlook 2003 on the clients.  

I can use a non-domain machine via a DSL connection to VPN into the domain, I can configure Outlook 2k3 to connect, I can manually map network drives, everything works fine.. But if I join that machine to the domain, then connect via VPN I cannot map network drives and I cannot access the exchange server  with Outlook2k3..
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17059554
are you mapping drives via IP or via netbios names?
try doing it via IP address rather than via netbios names b/c getting netbios names to work over the VPN would be a nightmare.


how are you trying to connect to the exchange server via outlook?  MAPI, IMAP, pop3 etc?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:CMH_DS
ID: 17059831
We are mapping via netbios names, which I have done at previous companies with no issues, and in this case I can map vie netbios name when connected to the VPN on a NON domain workstation.

We are connecting to exchange via outlook2k3 using the exchange service.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17059872
well,  can you connect via IP like i asked you to test?  that will narrow down the problem.

>>We are connecting to exchange via outlook2k3 using the exchange service.
That is called MAPI.
0
 

Author Comment

by:CMH_DS
ID: 17059965
We cannot map via IP address on the domain workstation.  This almost seems like an authentication issue on the domain machines via VPN.
0
 

Author Comment

by:CMH_DS
ID: 17061184
500 points
0
 
LVL 3

Accepted Solution

by:
isd503 earned 500 total points
ID: 17068052
I think your problem resides on the ISA server.  

If the VPN client works from a machine not joined to the domain, then you join the machine to the domain and it does not work, I think the VPN client would not be the problem.

VPN clients typically authorize and authenticate (or should) based upon configured (in the client software) and supplied (by the user) credentials, not on aspects of the machine from which you are connecting.

Have you tried uninstalling the VPN client from the machine and reinstalling it once you are connected to the domain just to rule it out?
0
 

Author Comment

by:CMH_DS
ID: 17083157
We've got this problem resolved, it was on the ISA server.  We had to disable IP Fragment Blocking.

This thread can be closed.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question