Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

Windows 2003 Login Problem over Cisco VPN connection

I have a network running a Win2K and Win2K3 server.  From INSIDE the network I can connect to all shares on both boxes and can also connect to both boxes through RDC.

When using our VPN client, I can remotely connect to both boxes using RDC, and I can connect to the shares on the Win2K box.  I can't connect to any share on the Win2K3 box, though. I get the SMB/NIFS login dialog box, but every user I try - including Domain Admins - gets a standard "User Name or Password is not correct" message.

Any help would be greatly appreciated!!  Thanks in advance!!
0
jagpcmhc
Asked:
jagpcmhc
  • 5
  • 3
2 Solutions
 
Rob WilliamsCommented:
Just a long shot; On the w2k3 box try as a user name:
DomainName\UserName
0
 
jagpcmhcAuthor Commented:
Thanks, but didn't work.  I wonder if it's something on the PIX.... Since I can login normally INSIDE the network - to both boxes - but can't login to the Win2K3 box OUTSIDE/VPN, I wonder if I need to make a change on the PIX..
0
 
Rob WilliamsCommented:
Possibly, but no others I can think of. That is why I was suggesting adding the domain name.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
lrmooreCommented:
Is the VPN client PC a member of the domain? Using the Cisco VPN client there is an option to connect before login which allows you to actually log into the domain with real domain credentials. You might give that a try.
Typically with VPN all IP traffic is allowed so there is very little in the PIX configuration that can interfere with domain logins. The primary issue is DNS/WINS/Netbios name resolution. Does your VPN client config get the proper DNS server? If you want to post your PIX config, we'll take a look at it just to make sure.
0
 
jagpcmhcAuthor Commented:
Yes, it's a member of the domain...... If I remember correctly, doesn't port 445 have to be available to use SMB over IP?  I wonder if that's an issue on the PIX??  The thing I don't understand is that I CAN login to any share on the Win2k box (same user acccount names) and I CAN RDC to the WIN2K3 box, too.  

The only problem is when I try to use SMB, through the UNC name.  I get the login dialog box, but just can't seem to get any user account to authenticate.

I wonder if Win2K3 looks at traffic coming in from another subnet as "remote"... just wondering...

Thanks for the help.
0
 
Rob WilliamsCommented:
>>" wonder if Win2K3 looks at traffic coming in from another subnet "
One thought, the Windows firewall, if enabled, on W2K3, has has exceptions, and the exceptions can be configured by subnet. By default enabling "file and print sharing", or any other service, creates an exception, but as a rule only for the local subnet. Try disabling the firewall or change the option to all, or a specific subnet. It is located:
network connections | Windows firewall | Exceptions | File and print sharing - edit | highlight each port, one a t a time, and choose change scope | add the subnet or choose "any computer (including those on the Internet)"

If you get an ipnat error when trying to open the firewall, it is not enabled.
0
 
jagpcmhcAuthor Commented:
Well.. I rebooted the machine and now it connects over the VPN and I can now login properly (same users as before that weren't authenticating)... very weird... and I'm still not sure why it didn't work earlier..  Anyway I don't know who I should give points to... both of you were helpful....
0
 
Rob WilliamsCommented:
You can split the points whatever way you like, if you feel the answers helped to lead you to a solution, or where you resolved with your own methods, you can ask in the community support forum to have the question closed and points refunded.
Regardless, glad to hear you were able to resolve.
Cheers !
--Rob
0
 
Rob WilliamsCommented:
Thanks jagpcmhc.
Cheers !
--Rob
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now