It is not recommended to enable RRAS on a DC. If you do, you need to configure the DC carefully. This link may help,
Name resolution on VPNConnection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually Name resolution Issue in a VPN client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"cush1978" wrote in message:
Hi Everyone,
I've been running a PPTP VPN server, through RRAS, on a Win2k server for
some time without any problems. The VPN server was a DC and DNS server. Just
recently I upgraded to a Win2k3 domain, I demoted the old DC, and I moved VPN
services over to one of the new DC's, and now VPN clients are encountering
some problems. Here's a basic breakdown of my domain member servers and
workstations:
2 "Win2k3 Standard SP2" DC's (also running DNS)
3 "Win2k3 Web SP2" file servers
3 "Win2k Server SP4" File Servers
50 "Win XP SP2" workstations
If a VPN client connects to the old Win2k VPN server, the client can access
any server or workstation on the network, via RDP, HTTP, network shares via
SMB, etc. However, if that same VPN client connects to the new Win2k3 VPN
server, everything works except for accessing network shares on some servers.
Specifically, the VPN client is able to access network shares on any XP
machine, 2k machine, or either 2k3 DC. However, the client has problems
accessing network shares on either of the Win2k3 Web servers.
I see different results from the client end, depending on the client OS. On
a Vista client, when using the \\servername or \\ipaddress UNC path from a
run line, the client will not appear to do anything for up to 2 or 3 minutes,
and then the following message will appear: "Windows cannot find
'\\servername'. Check the spelling and try again, or try searching for the
item by clicking the Start button and then clicking Search." This is as far
as I ever get on a Vista client - I never see any of the files within the
share.
On an XP client, when using the \\servername or \\ipaddress UNC path from a
run line, the client will sit there for a few minutes, like on the Vista
client, but the directory will eventually open up. If I try to open up a
subfolder within the share, I get an hourglass and the client will again
appear to hang, sometimes for as long as 5 minutes. On occasion, the
subfolder will eventually open up, but most of the time I'll receive,
"\\servername\subfolder is not accessible. You might not have permission to
use this network resource. Contact the administrator of this server to find
out if you have access permissions. The specified network name is no longer
available."
This is not an NTFS or share permissions issue. I am able to access the same
folder, via the same domain account, from a machine on the LAN, or from a
remote machine over a VPN connection to the old Win2k VPN server. Somehow,
the problem is related to RRAS running on a Win2k3 server - I just have not
been able to get down to the bottom of it. I've tried just about every
configuration setting within RRAS, to no avail, and the settings match what I
have set on the Win2k VPN server.
I should note that using the FQDN also does not work. And for what it's
worth, I feel like I've checked everything on the NetBIOS and DNS end. It
definitely is not a DNS issue, as pings to the hostname resolve correctly,
and I've even tested with entries in the hosts file, to no avail. I've made
sure that NetBIOS over TCP/IP is enabled on the client end, the VPN server, and
the file server. I've also played around with specifying sub folders within
the UNC path, to no avail. I was convinced at one point that I was
encountering an issue with SMB signing. I should mention that none of the SMB
signing settings are being pushed via group policy. I've tried forcing SMB
signing on both the client and server end, and completely disabling SMB
signing, to no avail.
One last interesting note. I've enabled auditing on one of my 2k3 Web
servers and I can see, via the Event logs, that the client successfully
authenticates with the correct domain account, but then it logs off after a
few minutes. I can see this via the 540 and 576 messages, and then the 538
message. For me, this rules out an issue with the VPN client passing the
wrong credentials, or not finding the client due to a DNS or NetBIOS
conflict. Rather, this does still seem like an SMB signing conflict, or
another strange issue related to SMB.
Thanks for any advice you can provide.
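
The 540/576/538 sequence described in the quoted message can be lined up by Logon ID to measure how long the file server held each session before logging it off. This is an added example, not part of the original thread; the CSV layout, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample of Security log rows exported as CSV:
# time, event ID, user, logon ID, logon type (accounts and IDs are made up).
SAMPLE = """\
2008-03-04 10:15:02,540,vpnuser,0x3E8A11,3
2008-03-04 10:15:02,576,vpnuser,0x3E8A11,
2008-03-04 10:15:40,540,lanuser,0x3E8B20,3
2008-03-04 10:18:07,538,vpnuser,0x3E8A11,3
"""

def parse(text):
    """Turn the exported rows into dictionaries with a parsed timestamp."""
    rows = []
    for ts, event_id, user, logon_id, logon_type in csv.reader(io.StringIO(text)):
        rows.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "id": int(event_id), "user": user,
                     "logon_id": logon_id, "type": logon_type})
    return rows

def correlate(rows):
    """Group events by Logon ID, independent of the order they were logged."""
    sessions = {}
    for r in rows:
        s = sessions.setdefault(r["logon_id"], {"user": r["user"], "start": None,
                                                "end": None, "privileged": False})
        if r["id"] == 540:      # successful network logon
            s["start"] = r["time"]
        elif r["id"] == 576:    # special privileges assigned to new logon
            s["privileged"] = True
        elif r["id"] == 538:    # user logoff
            s["end"] = r["time"]
    return sessions

def duration_seconds(session):
    """Seconds between logon and logoff, or None if either event is missing."""
    if session["start"] is None or session["end"] is None:
        return None
    return (session["end"] - session["start"]).total_seconds()

if __name__ == "__main__":
    for logon_id, s in correlate(parse(SAMPLE)).items():
        print(logon_id, s["user"], duration_seconds(s), "privileged" if s["privileged"] else "")
```

Running the same correlation on exports taken while connected through each VPN server shows whether the short session lifetime is specific to the Win2k3 RRAS path.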