Re: VPN tunnel with XP Home on remote end can't connect to server in App Mode

Well after all that, doing the same things over and over again, I
finally got it working today on all Home and Pro machines. I don't know
if it was a combination of issues or just one, but I did the following
today:

Set the MTU at 1300 on the Linksys as the ping tests showed it to be
set at that on our network.

Booted each machine in safe mode as Administrator, deleted the
MSLicensing registry key, rebooted, installed VPN client (Watchguard)
just for backup reasons, upgraded the ICA client and then rebooted
again into Safe Mode with networking, logged into Citrix (sometimes it
didn't work and required another reboot for some reason). Safe mode as
Administrator seemed to get the license properly.

I did not config these machines prior to this so there could have been
any number of reasons why this didn't work, but I'm just glad I got it
going. Thank you so much for all your advise...it really did help.


Vera Noest [MVP] wrote:
The problem seems to be something with your LinkSys router, but
I've no idea what exactly.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

jheinzel@xxxxxxxxx wrote on 05 jun 2006 in
microsoft.public.win2000.termserv.clients:

Also as if things weren't strange enough, I have my laptop here
which I use daily at the office. I cannot connect to Citrix via
the VPN tunnel, but if I enable the VPN client I can. I'm on XP
Pro and obviously have a valid license. So it seems of all the
machines in this building only two are able to connect using the
VPN tunnel and the rest are not able. The two in question do
have XP Pro.


Vera Noest [MVP] wrote:
If there's a problem with the permissions on the MSLicensing
registry key, it's on the client, not on the server.
The client stores the license locally in the MSLicensing key.
If users don't have Full Control on the MSLicensing key on the
client, they can't store the TS CAL, and thus are refused a
connection.

But if you have the same problem when logging on to the client
machines as local Administrator, you should have sufficient
permissions to store the license.

Let us know how it goes next week.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

jheinzel@xxxxxxxxx wrote on 02 jun 2006 in
microsoft.public.win2000.termserv.clients:

I'm running Win2000 Pro on the servers. I checked the
registry keys and all seemed ok, I also logged in as
administrator with the same results.

I am going to the location on Monday and I hope I can get
this running, as I too am stumped. The fact that one Pro
machine won't work, but two others will and no Home machines
will confuses me.

The only thing I can think of is that the machines that have
connected fine, including those at my house, have all
connected to our network via a VPN client rather than a
tunnel prior to this. The ones that won't connect now, have
never connected to us before either. So I wonder if while I'm
on location I bypass all VPN tunnels etc and just install the
VPN client on the machines that won't connect and try that
first, then try it after the tunnel is reconnected that might
work. Just an idea.


Vera Noest [MVP] wrote:
No, your ping test shows that the MTU size is not the
problem. I'm beginning to get stumped, I must say.
How about the permissions on the MSLicensing key? Can you
confirm that the problem also exists when you login as local
Administrator on the clients?
And which OS is your TS and your LS running?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

jheinzel@xxxxxxxxx wrote on 01 jun 2006 in
microsoft.public.win2000.termserv.clients:

I did upgrade the firmware. I have tested for the MTU
size, results are as follows:

Pinging 172.16.100.20 with 1472 bytes of data:

Reply from 172.16.100.20: bytes=1472 time=159ms TTL=58
Reply from 172.16.100.20: bytes=1472 time=630ms TTL=58
Reply from 172.16.100.20: bytes=1472 time=158ms TTL=58
Reply from 172.16.100.20: bytes=1472 time=162ms TTL=58

Ping statistics for 172.16.100.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 158ms, Maximum = 630ms, Average = 277ms

It was only Home machines, but now I found a Pro machine
doing something similar, but not the exact some thing. I
can't connect via ICA or RDP with it or the home machines.
But at the same location I have other machines that can
connect via ICA (Pro machines).

They were connected previously via the VPN client before
the Linksys was put in and a tunnel setup.

MTU is disabled on the Linksys I'm not sure about the SMC
(Cable Modem/router), but since I can pass the 1472
packets but nothing higher, do I need to enable and
increase it?

Vera Noest [MVP] wrote:
Pro? I thought we were talking about Home edition?
Have you done the ping test to check if there is a
problem with the MTU size?

Have you checked if there is a firmware update for your
LinkSys router? I know that some versions of the firmware
contained a problem with UPnP, which caused data
encryption errors, making an rdp connection impossible.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

jheinzel@xxxxxxxxx wrote on 31 maj 2006 in
microsoft.public.win2000.termserv.clients:

I'm looking at my Terminal Services Licenses and I see
the desktops listed under Temporary Licenses and then
the Pro machine that won't connect under Existing and
Temporary. I can't for the life of me figure out why
these won't connect.


Vera Noest [MVP] wrote:
OK, so that confirms that it is a licensing issue.
First of all, please check in the TS Licensing Manager
that you have free *purchased* TS CALs available. The
fact that other clients can connect dosn't necessarily
means that you have a free license avialable for this
client.

Assuming that you do have a free license available,
there are a couple of reasons why it can't be
transfered to this client:

1. the user doesn't have at least Full Control
permission to the registry key on the client which
stores the license, which is:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing

2. there might be a black hole router between your
client and the TS, which blocks packets above a
certain size. This prevents the transfer of the
permanent TS CAL to the client (on first connection,
the client gets a temporary license, on second
connection, it gets a permanent license). If this is
the problem, you have to change the MTU size. Check
the Terminal Services FAQ, there are 2 items about
this under "Connectivity"
http://www.microsoft.com/windowsserver2003/community/ce
nte rs/ ter min al/terminal_faq.asp

_______________________________________________________
__ Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email
___

jheinzel@xxxxxxxxx wrote on 30 maj 2006 in
microsoft.public.win2000.termserv.clients:

Yes I get error 1004 on the Citrix Servers.

Event Type: Warning
Event Source: TermService
Event Category: None
Event ID: 1004
Date: 5/30/2006
Time: 2:28:02 PM
User: N/A
Computer: TC-CITRIX2
Description:
The terminal server cannot issue a client license.

It will not connect via the RPD client either. I am
running the latest version of botht he Citrix ICA
client and RDP client. I can connect to other
servers, just not the ones that require a TSCAL.
I've tried setting up a LMHOST file for my domain
controller and that didn't seem to work either.

.

Relevant Pages