Solved

Windows 2003 Login Problem over Cisco VPN connection

Posted on 2007-04-06
Last Modified: 2010-04-09
I have a network running a Win2K and Win2K3 server.  From INSIDE the network I can connect to all shares on both boxes and can also connect to both boxes through RDC.

When using our VPN client, I can remotely connect to both boxes using RDC, and I can connect to the shares on the Win2K box.  I can't connect to any share on the Win2K3 box, though. I get the SMB/NIFS login dialog box, but every user I try - including Domain Admins - gets a standard "User Name or Password is not correct" message.

Any help would be greatly appreciated!!  Thanks in advance!!
0
Question by:jagpcmhc
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18868479
Just a long shot; On the w2k3 box try as a user name:
DomainName\UserName
0
 

Author Comment

by:jagpcmhc
ID: 18869226
Thanks, but didn't work.  I wonder if it's something on the PIX.... Since I can login normally INSIDE the network - to both boxes - but can't login to the Win2K3 box OUTSIDE/VPN, I wonder if I need to make a change on the PIX..
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18869279
Possibly, but no others I can think of. That is why I was suggesting adding the domain name.
0

 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 18869444
Is the VPN client PC a member of the domain? Using the Cisco VPN client there is an option to connect before login which allows you to actually log into the domain with real domain credentials. You might give that a try.
Typically with VPN all IP traffic is allowed so there is very little in the PIX configuration that can interfere with domain logins. The primary issue is DNS/WINS/Netbios name resolution. Does your VPN client config get the proper DNS server? If you want to post your PIX config, we'll take a look at it just to make sure.
0
 

Author Comment

by:jagpcmhc
ID: 18871544
Yes, it's a member of the domain...... If I remember correctly, doesn't port 445 have to be available to use SMB over IP?  I wonder if that's an issue on the PIX??  The thing I don't understand is that I CAN login to any share on the Win2k box (same user account names) and I CAN RDC to the WIN2K3 box, too.

The only problem is when I try to use SMB, through the UNC name.  I get the login dialog box, but just can't seem to get any user account to authenticate.

I wonder if Win2K3 looks at traffic coming in from another subnet as "remote"... just wondering...

Thanks for the help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18872256
>>" wonder if Win2K3 looks at traffic coming in from another subnet "
One thought, the Windows firewall, if enabled, on W2K3, has exceptions, and the exceptions can be configured by subnet. By default enabling "file and print sharing", or any other service, creates an exception, but as a rule only for the local subnet. Try disabling the firewall or change the option to all, or a specific subnet. It is located:
network connections | Windows firewall | Exceptions | File and print sharing - edit | highlight each port, one at a time, and choose change scope | add the subnet or choose "any computer (including those on the Internet)"

If you get an ipnat error when trying to open the firewall, it is not enabled.
0
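The scope check described in the comment above can also be done from a command prompt on the Win2K3 server; this is an added example, not part of the original thread. It assumes Windows Server 2003 SP1 or later (where `netsh firewall` is available), and the VPN pool subnet shown is a constructed placeholder to replace with the pool the PIX hands out to VPN clients.

```bat
@echo off
rem Added example. VPN_POOL is a constructed placeholder, not a value from the thread.
set VPN_POOL=10.10.10.0/255.255.255.0

rem 1. Confirm the firewall is actually running and which profile is in effect.
rem    If the firewall service is not running, this is where an error shows up.
netsh firewall show state

rem 2. List the service exceptions with their scope. File and Print Sharing
rem    covers TCP 139, TCP 445, UDP 137 and UDP 138; a scope limited to the
rem    local subnet will not admit clients addressed from the VPN pool.
netsh firewall show service verbose=ENABLE

rem 3. Weak setting, the equivalent of "any computer (including those on the
rem    Internet)". Shown commented out for comparison only.
rem netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL profile=ALL

rem 4. Narrower setting: allow SMB only from the local subnet and the VPN pool.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=LocalSubnet,%VPN_POOL% profile=ALL

rem 5. Re-check that the new scope was applied.
netsh firewall show service verbose=ENABLE
```

Using a custom scope keeps ports 139 and 445 closed to everything except the two named subnets, which is preferable to opening the exception to all addresses.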
 

Author Comment

by:jagpcmhc
ID: 18873251
Well.. I rebooted the machine and now it connects over the VPN and I can now login properly (same users as before that weren't authenticating)... very weird... and I'm still not sure why it didn't work earlier..  Anyway I don't know who I should give points to... both of you were helpful....
0
 
LVL 77

Accepted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 18874156
You can split the points whatever way you like, if you feel the answers helped to lead you to a solution, or where you resolved with your own methods, you can ask in the community support forum to have the question closed and points refunded.
Regardless, glad to hear you were able to resolve.
Cheers !
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18881616
Thanks jagpcmhc.
Cheers !
--Rob
0
