Solved

Windows 2003 Login Problem over Cisco VPN connection

Posted on 2007-04-06
9
301 Views
Last Modified: 2010-04-09
I have a network running a Win2K and Win2K3 server.  From INSIDE the network I can connect to all shares on both boxes and can also connect to both boxes through RDC.

When using our VPN client, I can remotely connect to both boxes using RDC, and I can connect to the shares on the Win2K box.  I can't connect to any share on the Win2K3 box, though. I get the SMB/NIFS login dialog box, but every user I try - including Domain Admins - gets a standard "User Name or Password is not correct" message.

Any help would be greatly appreciated!!  Thanks in advance!!
0
Comment
Question by:jagpcmhc
  • 5
  • 3
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18868479
Just a long shot; On the w2k3 box try as a user name:
DomainName\UserName
0
 

Author Comment

by:jagpcmhc
ID: 18869226
Thanks, but didn't work.  I wonder if it's something on the PIX.... Since I can login normally INSIDE the network - to both boxes - but can't login to the Win2K3 box OUTSIDE/VPN, I wonder if I need to make a change on the PIX..
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18869279
Possibly, but no others I can think of. That is why I was suggesting adding the domain name.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 18869444
Is the VPN client PC a member of the domain? Using the Cisco VPN client there is an option to connect before login which allows you to actually log into the domain with real domain credentials. You might give that a try.
Typically with VPN all IP traffic is allowed so there is very little in the PIX configuration that can interfere with domain logins. The primary issue is DNS/WINS/Netbios name resolution. Does your VPN client config get the proper DNS server? If you want to post your PIX config, we'll take a look at it just to make sure.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:jagpcmhc
ID: 18871544
Yes, it's a member of the domain...... If I remember correctly, doesn't port 445 have to be available to use SMB over IP?  I wonder if that's an issue on the PIX??  The thing I don't understand is that I CAN login to any share on the Win2k box (same user acccount names) and I CAN RDC to the WIN2K3 box, too.  

The only problem is when I try to use SMB, through the UNC name.  I get the login dialog box, but just can't seem to get any user account to authenticate.

I wonder if Win2K3 looks at traffic coming in from another subnet as "remote"... just wondering...

Thanks for the help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18872256
>>" wonder if Win2K3 looks at traffic coming in from another subnet "
One thought, the Windows firewall, if enabled, on W2K3, has has exceptions, and the exceptions can be configured by subnet. By default enabling "file and print sharing", or any other service, creates an exception, but as a rule only for the local subnet. Try disabling the firewall or change the option to all, or a specific subnet. It is located:
network connections | Windows firewall | Exceptions | File and print sharing - edit | highlight each port, one a t a time, and choose change scope | add the subnet or choose "any computer (including those on the Internet)"

If you get an ipnat error when trying to open the firewall, it is not enabled.
0
 

Author Comment

by:jagpcmhc
ID: 18873251
Well.. I rebooted the machine and now it connects over the VPN and I can now login properly (same users as before that weren't authenticating)... very weird... and I'm still not sure why it didn't work earlier..  Anyway I don't know who I should give points to... both of you were helpful....
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 400 total points
ID: 18874156
You can split the points whatever way you like, if you feel the answers helped to lead you to a solution, or where you resolved with your own methods, you can ask in the community support forum to have the question closed and points refunded.
Regardless, glad to hear you were able to resolve.
Cheers !
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18881616
Thanks jagpcmhc.
Cheers !
--Rob
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now