Windows 7 - Domain Users and VPN connectivity

Asked By Sea

19-Jul-07 10:56 AM

I'm hoping this is something simple, which I think it is, but I am at my wits
end here.

We are running LCS 2005 on a domain environment.  I have a branch office in
another state with a VPN tunnel to our main facility here.

At the moment I have a single LCS server, and I'm trying to connect the
remote office to LCS over the VPN.

Now I know Kerberos is working, as I can read the security logs and see
Kerberos traffic being approved.  However, LCS does not connect at all.
Doing the LCS diag, it fails on the Kerberos authentication (by time out
usually).

Since this is a domain, I cannot just disable Kerberos authentication, as it
will simply prompt me to login.

I'm guessing what I need is an access proxy.  Reading through these forums,
however, people have stated that access proxies are sort of legacy,
pertaining only to LCS 2003.

Hoping someone can help me out here, it's getting frustrating.

Live Discussions

LCSDiag
(1)

WebGUI
(1)

VPN
(1)

Communicator
(1)

Kerberos
(1)

Newkerk
(1)

Juniper
(1)

Sean
(1)

Oscar Newkerk{MSFT] replied...

19-Jul-07 12:35 PM

Access Proxies are still used for external connection (without VPN) and
federation.

One issue you can have with Kerberos authentication is if the date/time on
the clients is too far off from the value on the Kerberos server.  If the
difference is too large, then the auth will fail.

The other option you have, since your users are connected to your network
using a VPN, you could configure the LCS server to only use NTLM to
authenticate.

Another thing to check is that some VPN appliances apparently have issues
with the SIP traffic between Communicator and LCS.  I'm not sure which ones
have the problem, but someone else in the newsgroup might have that
information cached somewhere.


--

Oscar Newkerk
Unified Communications Group
---------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Sea replied...

19-Jul-07 01:44 PM

Well I'm leaning on it being something with the firewall, just not sure what
exactly.

We run Juniper firewalls, which can be overly sensative at times.  Our VPN
policy though allows all traffic exclusively on the VPN to pass through.

With just NTLM on the LCS server, I get "the service is temporarily shut
down", typical errors of it timing out.

LCSDiag indicates all traffic is working as intended and shows I connect
just fine, however Communicator does not sign in.

Sea replied...

26-Jul-07 10:48 AM

I'm still having issues.

With just NTLM authentication configured, the communicator program does not
login at all.

However, LCSDiag shows that connectivity is established and returns

So the Diagnostic is signing in fine, but the Communicator is not.  Is there
a time out feature in the Communicator program that needs to be adjusted?

Sea replied...

27-Jul-07 10:12 AM

Okay resolved it with Juniper.

Similar to the Cisco issue with SIP traffic, the Juniper Layer 3 filtering
was interfering with the communicator SIP traffic.

In order to disable this, go into your Juniper webGUI, and go to
Configuration > Advanced > ALG.

Disable the SIP Application Layer Gateway filter, and save your settings.
Everything should be good to go from there

XP Remote Desktop over VPN problem Windows 7

XP Remote Desktop over VPN problem Windows 7 OS: XP Pro V2002 SP2. Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN Client / Server) between two standalone PCs. Each work fine on their own ie. VPN connects OK or RDT connects and works OK, but once I setup VPN connection and try and run RDT over it, it fails to connect. I have used http: / / support.microsoft.com / KB / 555375 The last should read . . . . " When you connect with the VPN can you ping the target Remote Desktop (RDC) host PC by IP? Note that if the PPTP VPN server network and the remote network your accessing the server on are using the same the server network and the remote network to be in different address ranges, ie. PPTP VPN server on 192.168.0.X and the remote client on 102.168.1.X

cisco vpn client doesnt work on wireless connection Windows 7

cisco vpn client doesnt work on wireless connection Windows 7 I have downloaded the cisco vpn client v 5.0.03.0390. I have a secondary internet connection at work which as work. I have been testing on this work wireless connection and ran the cisco VPN client and it was able to connect. Now i got home and the same wireless connection i choose home. Also, i have WEP running on my home network. My cisco VPN client keeps coming back with the following error: remote peer is no longer responding" I on: 6.0.6001 Service Pack 1 Config file directory: C: \ Program Files \ Cisco Systems \ VPN Client \ 1 02:29:34.898 04 / 03 / 08 Sev = Info / 4 CM / 0x63100002 Begin satsun Posted via http: / / www.vistaheads.com Windows Vista Networking Discussions NetBIOS (1) XP (1) VPN (1) Connecti (1) Saturday (1) Gigabit (1) Houston (1) Sierra (1) Posting the result of The remote peer is either not a Cisco device or it does not support the VPN Client protocol specification. Reason 412: The remote peer is . . . www.chicagotech.net / vpnissues / ciscoerror12.htm - - Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http: / / www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on

Windows 7 / Vista loses local resources when connected to VPN Windows 7

Windows 7 / Vista loses local resources when connected to VPN Windows 7 When connected to a pptp VPN resources on the local domain are inconsistantly available. Previously with XP they were always available even if connected to a VPN. What has changed? Printing: From win 7, I can print to a Lan printer shared on the server (2008) Once connected to a remote VPN (windows 2003 pptp), the print que says With XP printing was still possible to the Lan even though connected to a VPN. Mapped Drives: Sometime they work, sometimes they do not. If I have a mapped drive to a local file server once connected to the VPN I cannot list the contents of drive, or access any of the files. Other times even with a VPN connected I can acess the files. If you access the drive before opening the VPN this seems to help. I thought it may be a DNS issue but I have

VPN Question Windows 7

VPN Question Windows 7 Hi, Maybe someone can tell me if I did something wrong? I am running Vista here at home and XP remotely. I set up a VPN network connection entry in the XP machine and followed the instructions at this URL to mvps.org / Vista / PPTP / PPTPVPN.html I have a BEFSR41 router with all the proper VPN options turned on and port 1723 forwarded to the Vista machine. When I connect I thoughts? This is very frustrating! Windows Vista Networking Discussions Vista (1) XP (1) CodeVPN (1) VPN (1) Windows (1) Linksys (1) Firmware (1) Routers (1) What's the VPN error code or error message? Also check the VPN host event viewer for any error. Or check this search result VPN error codeVPN Error 806 - a connection between your computer and the VPN server has been established but the VPN connection cannot be completed. VPN error code 828

VPN Connection issue - Cant connect to another VPN until a restart Windows 7

VPN Connection issue - Cant connect to another VPN until a restart Windows 7 Hi There, I have a weird VPN issue that I cannot resolve. Hopefully someone out there has had a similar issue. System Details - -- -- -- -- -- -- -- - - Windows XP SP3 - Using the Windows XP built in VPN client - Ethernet connection built onto Motherboard - ADMtek AN983 10 / 100Mbps Problem Scenario - -- -- -- -- -- -- -- -- -- -- - Turn on PC launch and log-in to Windows XP. - Login to VPN-a. Authenticated Successfully. Can connect to PC's and network devices. - Log off VPN-a. - Login to VPN-b or c or d, . . . . Authenticated Successfully. Cannot connect to PC's and network devices. - Log off VPN-b or c or d, . . . . - Log back in to VPN-a. Authenticate Successfully. Can browse