• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 469
  • Last Modified:

Issue with VPN clients accessing domain resources

We are currently having an issue in which VPN clients that are domain members cannot access file shares or the exchange server but can ping them by name, yet VPN clients that are NOT domain members CAN access file shares and the exchange server.  

We are running a 2003 native AD
ISA 2004 SP2
Exchange 2003
XP clients

Any ideas would be greatly appreciated.

Thanks.
0
CMH_DS
Asked:
CMH_DS
  • 5
  • 3
1 Solution
 
mikeleebrlaCommented:
sounds to me like you need to check your NTFS security permissions on your folders that you have shared (that is on the security tab on the properties of any folder)

can you elaberate on what you mean they can access the exchange server?  how are they accessing it?  Outlook client? Outlook Web? POP3? etc etc

0
 
CMH_DSAuthor Commented:
We are using Outlook 2003 on the clients.  

I can use a non-domain machine via a DSL connection to VPN into the domain, I can configure Outlook 2k3 to connect, I can manually map network drives, everything works fine.. But if I join that machine to the domain, then connect via VPN I cannot map network drives and I cannot access the exchange server  with Outlook2k3..
0
 
mikeleebrlaCommented:
are you mapping drives via IP or via netbios names?
try doing it via IP address rather than via netbios names b/c getting netbios names to work over the VPN would be a nightmare.


how are you trying to connect to the exchange server via outlook?  MAPI, IMAP, pop3 etc?
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
CMH_DSAuthor Commented:
We are mapping via netbios names, which I have done at previous companies with no issues, and in this case I can map vie netbios name when connected to the VPN on a NON domain workstation.

We are connecting to exchange via outlook2k3 using the exchange service.
0
 
mikeleebrlaCommented:
well,  can you connect via IP like i asked you to test?  that will narrow down the problem.

>>We are connecting to exchange via outlook2k3 using the exchange service.
That is called MAPI.
0
 
CMH_DSAuthor Commented:
We cannot map via IP address on the domain workstation.  This almost seems like an authentication issue on the domain machines via VPN.
0
 
CMH_DSAuthor Commented:
500 points
0
 
isd503Commented:
I think your problem resides on the ISA server.  

If the VPN client works from a machine not joined to the domain, then you join the machine to the domain and it does not work, I think the VPN client would not be the problem.

VPN clients typically authorize and authenticate (or should) based upon configured (in the client software) and supplied (by the user) credentials, not on aspects of the machine from which you are connecting.

Have you tried uninstalling the VPN client from the machine and reinstalling it once you are connected to the domain just to rule it out?
0
 
CMH_DSAuthor Commented:
We've got this problem resolved, it was on the ISA server.  We had to disable IP Fragment Blocking.

This thread can be closed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now