See my inline replies.
On 2006-05-23 12:49:19 -0400, "Arch Willingham" <(E-Mail Removed)> said:
> I have one user that we are having a terrible time with . The number of
> possible variables is the scary part. He connects via VPN which is
> hosted by ISA 2003. Over the last few weeks he can rarely use the VPN
> to view anything (or to use Outlook 2003). If you connect via VPN and
> issue "net view \\computer1" (or any computer on our network) you get
> system error 5. He is a domain administrator so permissions are not the
> issue. Sometimes he can successfully get back the info if he issues
> "net view \\192.168.1.1" (using the real ip address of computer1) but
> sometimes not. I have logged in as another user yet I still get the. I
> can take my laptop, stand right next to him and it works fine. I have
> completely re-installed his operating system...it worked for a few days
> and now it doesn't again. I have tried watching ISA but I don';t see
> any issues.
A "system error 5" is a permission denied error message, so something
about his authentication is not correct. Have you verified that the
password he is using locally matches his AD password? Is the AD
password expired?
Additionally, the variations between the UNC paths leads me to believe
that there may be some problems with name resolution. Ensure that his
PC can properly resolve names via WINS and DNS, and that those names
are resolved to the correct IP addresses. I've seen issues where, due
to ISP configuration issues, names get resolved to external addresses
(which, of course, would generate an error 5).
> Is it his laptop, ISA, the OS, RRAS, VPN, etc?? This one has me
> baffled. This only thing I can find even a little suspicious is these
> denied entries as his VPN connects (I stripped out anything that did
> not say "denied"). One that hits me is "netbois name service"..doesn't
> it need that??
>
>
> COMP1 2006-05-23 11:27:44 IGMP 192.168.1.106 224.0.0.22 192.168.1.106
> VPN PPL External Denied 0xc0040014 - Unidentified IP Traffic N 0 0 0 0
> - - - - - - - - 0 0 10.0.0.115 46 00 00 28 03 82 00 00 01 02 36 ce 0a
> 00 00 6a e0 00 00 16 22 00 ea 03 00 00 00 01 04 00 00 00 ef ff ff fa
>
> COMP1 2006-05-23 11:27:44 UDP 192.168.1.106:68 255.255.255.255:67
> 192.168.1.106 VPN PPL Local Host Denied 0xc0040014 - DHCP (request) N 0
> 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 01 48 03 87 00 00 80 11 2b
> b5 0a 00 00 6a ff ff ff ff 00 44 00 43 01 34 61 aa 01 08 06 00 86 c9 eb
> 69 06 00 00 00
This UDP traffic is DHCP. Other than this preventing him from getting
an IP address, this would not have an effect on his VPN operation.
> COMP1 2006-05-23 11:27:44 UDP 192.168.1.106:137 10.0.0.60:137
> 192.168.1.106 VPN PPL Internal Denied 0xc0040014 - NetBios Name Service
> N 0 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 00 60 03 89 00 00 80 11
> 22 5f 0a 00 00 6a 0a 00 00 3c 00 89 00 89 00 4c c6 2d 80 8b 79 00 00 01
> 00 00 00 00 00 01
This is NetBIOS name resolution (i.e., WINS). Blocking this will cause
problems trying to resolve the computer name, hence the issues
described above.
> COMP1 2006-05-23 11:27:49 TCP 192.168.1.106:1156 192.168.1.2:88
> 192.168.1.106 VPN PPL Internal Terminate 0x80074e21 Allow traffic from
> Internal network to local host Kerberos-Sec (TCP) Y 515 515 1729 1729 -
> - - - - - - - 362 4885 - - -
>
> COMP1 2006-05-23 11:27:49 UDP 192.168.1.106:1157 192.168.1.2:88
> 192.168.1.106 VPN PPL Internal Denied 0xc0040013 - Kerberos-Sec (UDP) N
> 0 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 05 74 03 c1 20 00 80 11 fd
> 4c 0a 00 00 6a 0a 00 00 02 04 85 00 58 05 db 60 23 6c 82 05 cf 30 82 05
> cb a1 03 02 01
This is Kerberos traffic. When this is blocked/denied, the client
can't authenticate to the server. Again, this is a contributing factor
to the system error 5.
> COMP1 2006-05-23 11:27:49 UDP 192.168.1.106 192.168.1.2 192.168.1.106
> VPN PPL Internal Denied 0xc0040013 - Proxy2.0's custom packet filter
> #926 N 0 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 00 8f 03 c1 00 ac
> 80 11 21 86 0a 00 00 6a 0a 00 00 02 26 e9 70 84 54 50 72 55 17 7c e2 a4
> 6e 30 6c a0 07 03 05 00
>
> COMP1 2006-05-23 11:27:53 UDP 192.168.1.106:1157 192.168.1.2:88
> 192.168.1.106 VPN PPL Internal Denied 0xc0040013 - Kerberos-Sec (UDP) N
> 0 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 05 74 03 dc 20 00 80 11 fd
> 31 0a 00 00 6a 0a 00 00 02 04 85 00 58 05 db 60 23 6c 82 05 cf 30 82 05
> cb a1 03 02 01
>
> COMP1 2006-05-23 11:27:53 UDP 192.168.1.106 192.168.1.2 192.168.1.106
> VPN PPL Internal Denied 0xc0040013 - Proxy2.0's custom packet filter
> #926 N 0 0 0 0 - - - - - - - - 0 0 10.0.0.115 45 00 00 8f 03 dc 00 ac
> 80 11 21 6b 0a 00 00 6a 0a 00 00 02 26 e9 70 84 54 50 72 55 17 7c e2 a4
> 6e 30 6c a0 07 03 05 00
>
Adjust your filters to allow the NetBIOS Name Service (UDP 137) and
Kerberos (UDP 88) traffic and see if that helps. These ports really
should be allowed through the VPN.
HTH.
--
Regards,
Scott Lowe
ePlus Technology Inc.
|
Similar Threads
Linear Mode
