Re: VPN Authentication & Mapping Issue



Hello Al
This is my original post.
"Hello All
I have already posted this in another group but don't seem to be getting a
hit and I am getting somewhat desperate for a solution.

I have a very strange problem that I am hoping someone here is able to
help me solve.
Our setup is like this:
1. Windows 2003 domain
2. Many remote users with IBM laptops or Fujitsu Stylistic Tablets
3. Checkpoint SecureClient VPN client software
4. RSA Ace server for VPN authentication
5. Scriptlogic 6.5.2 for mapping drives etc

The problem:
We have several users that authenticate to our network through a VPN
connection. These users have Checkpoint SecureClient installed on their
machines and are authenticated to a RSA Ace server that is a Member Server
in our domain. Once the user is logged on they run a batch file that maps
their network drives via a short-cut to the Slogic.bat file in the Netlogon
directory of our PDC Emulator. Now for most people this is not a problem but
for some laptop users and all Fujitsu Tablet users the process of trying to
run the login
script takes anywhere from 30-60 minutes to complete. What happens to the
people having a problem is this:
1. User runs the short-cut to Slogic.bat
2. After about 7-15 minutes they are prompted for a username and password
3. If they type in their domain user name and password they get prompted
again after about 4-10 more minutes with a message saying "that
authentication has been previously tried and failed".
4. The user can then type in a username and password from a temporary
account I created to help resolve this problem. This account is just a
simple domain user.
5. After several more minutes the logon screen will appear but can take up
to 35-40 to complete
6. When complete, the user checks for their drives but none have mapped.

As you can imagine, they are not very happy after taking all of this time only
to find out things did not work.

If the same user logs onto the network with the same machine while they are
in the office, everything works very quickly and as it should.

I have looked in the trace file that Scriptlogic creates and this is an example
of the error message that I see:
08:44:58 Mapping drive G \\Server1\Graphics [SLP00001 1/30]
08:46:02 Error: Unable to map drive: 1265 The system detected a possible
attempt to compromise security. Please ensure that you can contact the server
that authenticated you.
OR
20:52:27 Error: Unable to map drive: 1326 Logon failure: unknown user name
or bad password.

I have been in contact with Scriptlogic and they tell me it is a Windows
authentication issue. I read one post where a person appeared to have a
somewhat similar issue to mine and they apparently resolved it by hard coding
the DNS address on the user machine to point to the DNS server in the
domain. I gave this a shot but did not have any success. This seems to be
an obvious case of authentication but for the life of me I am stumped.

Hopefully someone out there has run into the same problem that has been
dogging me for several months and is able to lend a hand.

Thank you to all that take the time to read this and especially those that
fire me off some suggestions."

JD Benton


"FOAD" wrote:

> Didn't get your original note, what exactly is your issue?
> As I have (35) users using checkpoint securemote... maybe I can help..
>
> AL
>
> In article <16643A3D-8F57-4E89-8146-2C500C576B74@xxxxxxxxxxxxx>,
> JDBenton@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> > Chris
> > Thanks for your reply. I am not sure I understand what you mean though.
> > Our users use their ethernet connection via highspeed (DSL or Cable) to
> > connect to the internet. Once this connection is established they use the
> > Checkpoint SecureClient to connect to our LAN and create the secure VPN
> > tunnel.
> >
> > Each user has a Linksys router that is configured to provide the internal
> > (192.168.x.x ) IP configuration for the ethernet connection on the user's
> > machine. Part of this configuration is a DNS address that points to the
> > Linksys router as the DNS server. The Linksys router gets its external IP
> > configuration including the DNS address from the user's ISP provider. I have
> > tried hard coding the IP address of the DNS server on our LAN into the
> > ethernet configuration on the user's machine but this has not resolved the
> > problem.
> >
> > "chrispsg" wrote:
> >
> > > When the user connects, the VPN connection (PPTP or L2TP) needs to use
> > > the DNS server on your LAN. Make sure this connection is using the correct
> > > address and not the LAN connection of the laptop.
> > >
> > > psg
> > >
> > >
> >
>
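
For triage of the Scriptlogic trace described in the original post, the following is an added example and not part of the thread or of Scriptlogic: it pairs each mapping attempt with the error that follows, names the Win32 code, and measures how long the attempt stalled. The line format is assumed from the excerpt in the post; the sample trace is constructed, and the second share (`\\Server1\Home`) is hypothetical.

```python
import re
from datetime import datetime

# Win32 names (winerror.h) for the two codes quoted in the post.
WIN32_NAMES = {1265: "ERROR_DOWNGRADE_DETECTED", 1326: "ERROR_LOGON_FAILURE"}

# Line shapes inferred from the trace excerpt in the post (an assumption).
MAP_RE = re.compile(r"^(\d\d:\d\d:\d\d) Mapping drive (\w) (\\\\\S+)")
ERR_RE = re.compile(r"^(\d\d:\d\d:\d\d) Error: Unable to map drive: (\d+)\b")

# Constructed sample: first pair follows the post, second pair is invented.
SAMPLE_TRACE = r"""08:44:58 Mapping drive G \\Server1\Graphics [SLP00001 1/30]
08:46:02 Error: Unable to map drive: 1265 The system detected a possible attempt to compromise security.
08:46:02 Mapping drive H \\Server1\Home [SLP00001 2/30]
08:46:03 Error: Unable to map drive: 1326 Logon failure: unknown user name or bad password.
"""


def elapsed_seconds(start, end):
    """Seconds from start to end (HH:MM:SS), allowing one midnight rollover."""
    fmt = "%H:%M:%S"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    return int(delta.total_seconds()) % 86400


def failed_mappings(trace_text):
    """Pair each 'Mapping drive' line with the error line that follows it."""
    failures, pending = [], None
    for line in trace_text.splitlines():
        m = MAP_RE.match(line)
        if m:
            pending = m.groups()  # (time, drive letter, UNC path)
            continue
        e = ERR_RE.match(line)
        if e and pending:
            code = int(e.group(2))
            failures.append({
                "drive": pending[1], "unc": pending[2], "code": code,
                "name": WIN32_NAMES.get(code, "UNKNOWN"),
                "wait_s": elapsed_seconds(pending[0], e.group(1)),
            })
            pending = None
    return failures


def slow_failures(failures, threshold_s=30):
    """Failures that stalled before erroring, i.e. timed out rather than were refused."""
    return [f for f in failures if f["wait_s"] >= threshold_s]


if __name__ == "__main__":
    for f in failed_mappings(SAMPLE_TRACE):
        print(f"{f['drive']}: {f['unc']} -> {f['code']} {f['name']} after {f['wait_s']}s")
```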