Re: PPTP misery




So, to clarify regardless of all the other content and suspicions...

VPN (PPTP) to the SBS server *will* work from machines that are *not*
members of the SBS domain. It will *not* work if the machine is a
member of the SBS domain. Correct?

If that's true then we know there are no configuration issues on the
server or network as far as its 'ability' to facilitate these
connections.

The only real difference between the domain workstations and the
non-domain workstations in regards to VPN would be A) NTLM
authentication pass-thru processing B) effect of any SBS policies that
could be taking place (both on the server side and workstation side)
and C) Configuration of VPN client if only using the pre-configured
"Connect To Small Business Server" client on domain workstations.

For the moment we're assuming no changes have taken place on external
DNS host names, and since you don't know much about group policies
we're assuming you haven't made many changes there that aren't applied
by wizards. So I'd start with the firewall settings via policy.

Since the firewall is greyed out, but is the most likely culprit, then
we know group policy is affecting it, but we need to know if it's
actually blocking it. To start with let's turn it off entirely.

Go into the Server Management Console > Advanced Management > Group
Policy Management > Forest: YourDomain.local > Domains >
YourDomain.local > Group Policy Objects. (note, don't just try and be
intelligent here and type gpedit.msc)

There should be two GPOs there that are related to the XP Firewall,
one for PreSP2 and one that is PostSP2. Right click on GPO Status
and select All Settings Disabled.

You then need to force the new Group Policy to refresh... open up a
command prompt and enter

C:\>gpupdate /force

You'll get a prompt to log off, do so. You can force the group policy
update from the workstation as well if you wish, but you still want to
log off and back on no matter what. (make sure the workstation is on
the LAN at this point of course).

That should take care of your firewall issue on the workstation if I've
remembered everything right. So give that a shot and see if it makes a
difference with connecting via VPN and let us know.


Question: Do the domain workstations have the automatically installed
"Connect To Small Business Server" shortcut on the desktop? If so are
you using that to try and connect? If it's not there then you didn't
connect the workstations properly to the SBS domain and/or the wrong
template was chosen when setting up the user/workstation from the
wizard which would also explain why it's blocked. (I tend to lean
towards the fact that it's just the enhanced security after the service
pack installations though since it used to work supposedly).

Matt Ridings - MSR Consulting


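Added example, not part of the original post: a batch script for a domain XP SP2 workstation that shows, after the `gpupdate /force` and log off/on described above, whether Group Policy is still dictating the Windows Firewall state. It assumes the standard Windows Firewall policy registry location and the XP SP2 `netsh firewall` context; the script and its label names are illustrative.

```bat
@echo off
rem Added example (not from the original post). Run on the workstation after
rem "gpupdate /force" and a log off/on, to see whether the firewall is still
rem controlled by Group Policy (the "greyed out" state) or back under local control.
setlocal
rem Assumption: standard policy location written by Windows Firewall GPO settings.
set KEY=HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall

echo === Policy-enforced firewall settings ===
for %%P in (DomainProfile StandardProfile) do call :check %%P

echo.
echo === Firewall operational mode as reported by the workstation ===
netsh firewall show opmode

echo.
echo === Computer-scope GPOs (applied and filtered out) ===
rem A GPO set to "All Settings Disabled" should no longer be listed as applied.
gpresult /scope computer

endlocal
goto :eof

:check
rem %1 = firewall profile name under the policy key
reg query "%KEY%\%1" /v EnableFirewall >nul 2>&1
if errorlevel 1 (
  echo %1: no policy value present, firewall is under local control
  goto :eof
)
rem Third token of the matching line is the DWORD value (0x0 or 0x1).
for /f "tokens=3" %%V in ('reg query "%KEY%\%1" /v EnableFirewall ^| findstr /i EnableFirewall') do (
  if "%%V"=="0x1" echo %1: policy forces the firewall ON
  if "%%V"=="0x0" echo %1: policy forces the firewall OFF
)
goto :eof
```

Running it before and after the GPO change gives a record of which profile was policy-controlled, which helps when the firewall GPOs are switched back on after the test.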