RE: VPN Question

Hello Customer,

Thank you for posting here and thanks for Justin's reply.

According to your description, I understand that the VPN clients can
dial-up, but they can't access share folder via Windows Explorer. If I have
misunderstood the problem, please don't hesitate to let me know.

Before we go any further, please let me know the following information so
that we can understand your situation more clearly.

Try to ping the Server via IP address and Server name, is it work?

Try to access share folder via \\ServerIP\ShareName, is it work?

Try to access share folder via \\ServerName\ShareName, is it work?

If you can access the share folder via IP but can not access via NetBIOS
name, that means the problem is incorrect WINS setting. So I suggest you to
point the VPN client's WINS to SBS IP address (TCP/IP Properties
->Advanced->WINS).


If you can not access the share folder via both IP and NetBIOS name, I
suggest you to perform the following steps:

Based on my research, this problem occurs mostly because of a change in
Windows Server 2003 SP1. Windows Server 2003 SP1 enables the
BootTimeSecurity registry entry. Therefore, after you install Windows
Server 2003 SP1, the Windows Server 2003 Ipnat.sys driver drops VPN packets
that it receives.

You can find more information about it in:
VPN clients can no longer access internal resources after you install
Windows Server 2003 Service Pack 1 on a computer that is running ISA Server
2000
http://support.microsoft.com/kb/897651/en-us

I suggest that we try the following steps to see if the problem can be
resolved:

Step 1: Contact the PSS to obtain the hotfix 897651 (the link above) and
apply the hotfix on the SBS Server.
(You must restart the computer after you apply this hotfix.)

Step 2: After you install this hotfix, you must set the value for the
following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat\Parameters

You must set this value as follows:

Value name: DisableBootTimeSecurity
Value type: REG_DWORD
Value data: 1

After these 2 steps, if VPN clients can't access Internet, I suggest we try
to manually create a VPN connection on the remote client through the
following KB article:

How to configure a VPN connection to your corporate network in Windows XP
Professional
http://support.microsoft.com/?id=305550

Then we can try the following steps:

Not using the remote gateway on the client, to do so:
On the remote client

1). Double-click My Computer, and then click the Network and Dial-up
Connections link.

2). Right-click the VPN connection that you want to change, and then click
Properties.

3). Click the Networking tab, click Internet Protocol (TCP/IP) in the
'Components checked are used by this connection' list, and then click
Properties.

4). Click Advanced, and then click to clear the Use default gateway on
remote network check box.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Does the problem occur on all remote VPN clients?

2. Try to ping the Server via IP address and Server name, is it work?

3. Try to access share folder via \\ServerIP\ShareName, is it work?

4. Try to access share folder via \\ServerName\ShareName, is it work?

5. Please gather the outcome of command ipconfig /all on VPN client and SBS
server after you setup VPN connection.

Hope this helps.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: ashkaan57@xxxxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: VPN Question
| Date: 11 Jan 2007 13:57:10 -0800
| Organization: http://groups.google.com
| Lines: 8
| Message-ID: <1168552630.622686.103190@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 70.182.188.112
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1168552632 13383 127.0.0.1 (11 Jan 2007
21:57:12 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Thu, 11 Jan 2007 21:57:12 +0000 (UTC)
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9,gzip(gfe),gzip(gfe)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: p59g2000hsd.googlegroups.com; posting-host=70.182.188.112;
| posting-account=3hAtLwwAAADWjTWuDkRFaldPioBNaYQs
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!news.glorb.com!postnews.google.com!p59g2000hsd
..googlegroups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:9674
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
| I set up VPN on my WIndows 2003 SBS and created a connection from a
| remote desktop through whci I can connect to VPN. It logs me in and
| registers my computer but when I open Windows explorer, I don;t see any
| of the shares. Have I missed something?
|
| Thanks.
|
|

.

Relevant Pages

  • RE: VPN Error 800
    ... On the Small Business Server 2003-based server, click To Do List in the ... Click Next, click Enable Remote Access, click to select the VPN Access ... go to the client and establish the VPN connection to the ... please help me gather the ISA info and ISA log: ...
    (microsoft.public.windows.server.sbs)
  • RE: Enabling VPN Remote Access using SBS 2003 standard with ISA 2004
    ... SBS Server, the inbound VPN connection no longer worked. ... Configure the VPN connection on the client and do a VPN test. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN via Wireless Broadband
    ... I don't know how timing-sensitive VPN connections are. ... Browsing to the User shared folder from the client doesn't work. ... shares on the server and SYSVOL is there and one can use Windows ... How to configure a VPN connection to your corporate network in Windows XP ...
    (microsoft.public.windows.server.sbs)
  • Re: Certifcate reset error - Need for mobile device connect
    ... What I am trying to accopmlish is to have my SBS exchange server synch wireless with a Motorola Q phone. ... Manager packet from the SBS 2003 server to recreate the VPN connection. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA2004 kills VPN outbound
    ... The VPN connection you're seeing into the branch-office server is me ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)