Re: PPTP misery
- From: MSR Consulting SBS Support <support@xxxxxxxxxxxxx>
- Date: Mon, 11 Dec 2006 10:38:09 -0600
hehe, no you're not missing something. The issue is on the server end (I
believe)...*but* it only effects clients with certain patch levels. The
key you are editing/adding is only there at one of the patch levels
that will work with the server....thus...
If you prefer to work on the server side without confirming that this
is really the issue we can do that as well:
Here's the gist of where I'm going:
I suspect that it is an issue with the TCP/IP configuration on the
server, specifically the gateway setup. And more specifically I believe
a setup where it responds via a different IP address than it supposedly
received on.
Here's why:
If the gateway configuration is wrong on the server, it presents a
security risk by allowing easier access to hackers. Note that there is
nothing wrong with the server software, just the way it was configured
is a risk.
Now on to the client side. To make their VPN client more secure
Microsoft released a patch during one of their service packs I believe,
that updated the VPN client so that it checked the server to see if it
was configured incorrectly. If it was then it would not work.
So, what that leaves you with is any XP box that is *fully* patched
with that update would not work if your server gateway configuration is
wrong.
So, any XP boxes without that patch would work...and any with it would
not. Given that all of your domain boxes are not working..and that they
probably received the patch directly from the SBS server, this sounds
like a likely culprit to me.
The way to fix that would be to check the IP setup on the server and
resolve. One way to *test* that theory though would be to either apply
all patches and updates to one of the XP boxes that *is* working and
see if it *stops* working, or to take one of the non-working boxes and
add the registry key that makes it bypass doing that security
check...which in turn should make it start working.
Now that explained all of that though, if you've correctly entered the
registry key to bypass pptp ip checking and it's still not working then
my theory seems shot to he** doesn't it? I apologize for having you go
through the registry again though, I didn't link to the kb article you
posted before and didn't realize it was the same issue I was posting
about.
I would still focus in on the tcp/ip setup on the server for a bit
though, and the second thing would be getting a larger sample of *non*
domain machines to try this on.
I'm more than happy to throw some machines in my lab at various OS's
and stages of patches at it if you want to temporarily set up and
account to test them on. It's certainly got me intrigued...and a bit
frustrated.
Matt Ridings - MSR Consulting
--
admin
------------------------------------------------------------------------
admin's Profile: http://forums.msrportal.com/member.php?userid=1
View this thread: http://forums.msrportal.com/showthread.php?t=13955
MSR Consulting SBS Support - support (at) msrportal.com
.
- Follow-Ups:
- Re: PPTP misery
- From: MSR Consulting SBS Support
- Re: PPTP misery
- References:
- Re: PPTP misery
- From: MSR Consulting SBS Support
- Re: PPTP misery
- From: Simon UK
- Re: PPTP misery
- From: MSR Consulting SBS Support
- Re: PPTP misery
- From: Simon UK
- Re: PPTP misery
- From: MSR Consulting SBS Support
- Re: PPTP misery
- Prev by Date: Re: PPTP misery
- Next by Date: Re: PPTP misery
- Previous by thread: Re: PPTP misery
- Next by thread: Re: PPTP misery
- Index(es):
Relevant Pages
|
