Re: PPTP misery
- From: MSR Consulting SBS Support <support@xxxxxxxxxxxxx>
- Date: Mon, 11 Dec 2006 10:35:50 -0600
hehe, no you're not missing something. The issue is on the server end
(I believe)...*but* it only affects clients with certain patch levels.
The key you are editing/adding is only there at one of the patch levels
that will work with the server....thus...
If you prefer to work on the server side without confirming that this
is really the issue we can do that as well:
Here's the gist of where I'm going:
I suspect that it is an issue with the TCP/IP configuration on the
server, specifically the gateway setup. And more specifically I
believe a setup where it responds via a different IP address than it
supposedly received on.
Here's why:
If the gateway configuration is wrong on the server, it presents a
security risk by allowing easier access to hackers. Note that there is
nothing wrong with the server software, just the way it was configured
is a risk.
Now on to the client side. To make their VPN client more secure
Microsoft released a patch during one of their service packs I believe,
that updated the VPN client so that it checked the server to see if it
was configured incorrectly. If it was then it would not work.
So, what that leaves you with is any XP box that is *fully* patched
with that update would not work if your server gateway configuration is
wrong.
So, any XP boxes without that patch would work...and any with it would
not. Given that all of your domain boxes are not working..and that
they probably received the patch directly from the SBS server, this
sounds like a likely culprit to me.
The way to fix that would be to check the IP setup on the server and
resolve. One way to *test* that theory though would be to either apply
all patches and updates to one of the XP boxes that *is* working and see
if it *stops* working, or to take one of the non-working boxes and add
the registry key that makes it bypass doing that security check...which
in turn should make it start working.
Now that I've explained all of that though, if you've correctly entered the
registry key to bypass PPTP IP checking and it's still not working then
my theory seems shot to he**, doesn't it? I apologize for having you go
through the registry again though, I didn't link to the kb article you
posted before and didn't realize it was the same issue I was posting
about.
I would still focus in on the tcp/ip setup on the server for a bit
though, and the second thing would be getting a larger sample of *non*
domain machines to try this on.
I'm more than happy to throw some machines in my lab at various OS's
and stages of patches at it if you want to temporarily set up an
account to test them on. It's certainly got me intrigued...and a bit
frustrated.
Matt Ridings - MSR Consulting