RE: Slow VPN logon and Spuratic folder visibility



Hello Sean,

Thank you for posting here.

According to your description, I understand that the remote VPN client
authentication process is very slow, and you cannot access shared folders
in the internal network. If I have misunderstood the problem, please don't
hesitate to let me know.

The VPN authentication process issue and the internal shared folders access
issue are two separate issues. Please understand that our newsgroup is an
issue-based service, meaning we usually respond to one question/issue per
post. This will lessen the confusion for both of us, as well as ensure that
our results are accurate and not a result of a test for a different
question. Therefore, I will work with you on the first question in this
post (the VPN authentication process issue). Regarding the additional
question (the internal shared folders access issue), I suggest you create a
new post to get quicker assistance.

Based on my research, I suggest we try the following steps to see if we can
resolve this issue:

Step 1:
You have to rerun the CEICW to make sure your SBS 2003 server has the right
network configuration. Go through the following KB and rerun CEICW
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

Step 2:
Technically speaking, for the hardware router/firewall scenario, besides
the TCP port 1723, we also need to open the GRE port which is used for the
PPTP VPN connection. It's not a TCP or UDP protocol based port. The
protocol number of the GRE port is 47.

Please check the router settings and make sure that the GRE port forwarding
is opened. You may need to contact the device provider for more assistance
on GRE configurations of the router and apply the latest firmware on the
router. Or, please try replacing the firewall with another one to test.

Please also contact your ISP to confirm that they do not block the GRE
traffic.

Step 3:
Please try to add the following registry key on both the server and the
problem remote clients:

1. Start Registry Editor.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Note: If the "Parameters" key does not exist, create it now.

3. On the "Edit" menu, point to "New", and then click "DWORD Value".

4. Type "MaxPacketSize" (without the quotation marks), and then press ENTER.

5. Double-click "MaxPacketSize", type "1" (without the quotation marks) in
the "Value data" box, click to select the "Decimal" option, and then click
OK.

6. Quit Registry Editor.

7. Restart your computer.

For detailed info:
How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
Windows XP, and in Windows 2000
http://support.microsoft.com/?id=244474

Step 4:
Set the MTU on the SBS 2003 and remote clients to 1370 in the registry.

1. Open Registry and browse to

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<ID_for_Adapter>

Select the <ID_for_Adapter> that is associated with the NIC. To determine
this, highlight this key and look at the values on the right side of the
screen, particularly 'IP Address'. Find the <ID_for_Adapter> that has an IP
address that matches the IP assigned to the NIC.

2. Right-click the right side of the screen, click New, and then click
DWORD Value. Name the value MTU.

3. Double-click the value so that you can edit the value, change Base to
Decimal, and then enter 1370.

4. Also install the 898060 update on both servers.

Additional info:
Installing security update MS05-019 or Windows Server 2003 Service Pack 1
may cause network connectivity between clients and servers to fail
http://support.microsoft.com/?id=898060

If the issue persists, please kindly help me collect some information for
further investigation:

1. After authentication, can the VPN client access SBS fine?

2. Save the application event log and system event log as evt files on the
SBS and VPN clients and send to my mailbox: v-terliu@xxxxxxxxxxxxx

3. To verify whether the network connection is the root cause, please do
the following steps:

a. Please temporarily place a client directly connected to the external NIC
of the SBS Server. You can connect the external network adapter of the SBS
Server to a simple hub and connect the client to the same hub.

b. Manually configure the TCP/IP settings on the client computer to be on
the same subnet as the external network adapter of the SBS Server.

c. Turn off the Firewall Client on the client computer.

d. Configure the VPN connection on the client and do a VPN test.

Is the VPN authentication process quick?

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Slow VPN logon and Spuratic folder visibility
| From: =?Utf-8?B?U2VhbiBNdXJwaHk=?= <SeanMurphy@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Slow VPN logon and Spuratic folder visibility
| Date: Mon, 22 Jan 2007 12:47:01 -0800
| Newsgroups: microsoft.public.windows.server.sbs
|
| Hi all,
| I have two issues with an SBS 2003 Premium, both recent symptoms that may be
| tied with a quick dabble in IAS. I hope someone can help track down the
| issue.
|
| First issue: I am experiencing extremely slow logons for any users that
| connect through a VPN connection. Specifically, a simple PPTP connection to
| the server. It's rare we use it, preferring to use alternate methods such as
| the RWW. These same users and computers log on fine while sitting on the
| network. Through the VPN, the authentication processes very quickly, but hangs
| when Applying Your Personal Settings .... This may take as long as five
| minutes, even when coming in from another local network outside of our
| SonicWALL firewall.
|
| Second issue: I am sporadically losing visibility to all network shares
| that are normally visible when accessing \\servername. This is for users
| both local on the network, and more common for users coming in through the
| VPN. Instead of the ClientApps, Netlogon, etc...folders, I commonly see only
| the Users folder. And, in cases where this is the only folder I see, about
| half the time I am unable to open the Users folder, and the other half I have
| access just fine with full permissions.
| The same user account that may have had a problem during the last logon
| attempt, only showing the one folder, may show all the shares during the next
| logon.
|
| Any thoughts are appreciated, and I'll certainly provide any requested
| information that may help in the troubleshooting process. I've been working
| with SBS 2K3 for a couple of years, but this one has me stumped.
|
| Thanks in advance,
| Sean Murphy
|
|
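
Steps 3 and 4 of the reply above can be checked on each machine with a script. This is an added example, not part of the original posts; it assumes Windows PowerShell is installed (a separate download on Windows Server 2003 and Windows XP) and is run as an administrator, and the default NIC address is a constructed sample value.

```powershell
# Added example: report (and with -Apply, set) the registry values from Steps 3 and 4.
param(
    [string]$NicIp = '192.168.16.2',  # constructed sample: the IP assigned to the NIC
    [int]$Mtu = 1370,                 # MTU value given in Step 4
    [switch]$Apply                    # without -Apply nothing is written
)

$krbKey = 'HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-RegValue($Path, $Name) {
    # Emits nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) {
        $prop = $item.PSObject.Properties[$Name]
        if ($prop) { $prop.Value }
    }
}

# Step 4.1: find the <ID_for_Adapter> subkey whose static or DHCP address matches the NIC.
$adapter = Get-ChildItem $ifRoot | Where-Object {
    $ips = @(Get-RegValue $_.PSPath 'IPAddress') + @(Get-RegValue $_.PSPath 'DhcpIPAddress')
    $ips -contains $NicIp
} | Select-Object -First 1

if (-not $adapter) {
    Write-Error "No interface under $ifRoot has IP address $NicIp"
    exit 1
}

$wanted = @(
    @{ Path = $krbKey;         Name = 'MaxPacketSize'; Want = 1 },    # Step 3
    @{ Path = $adapter.PSPath; Name = 'MTU';           Want = $Mtu }  # Step 4
)

foreach ($w in $wanted) {
    $have = Get-RegValue $w.Path $w.Name
    if ($null -eq $have) { $shown = '(not set)' } else { $shown = $have }
    '{0} : {1} current={2} wanted={3}' -f $w.Path, $w.Name, $shown, $w.Want

    if ($Apply -and $have -ne $w.Want) {
        # Step 3 note: create the "Parameters" key if it does not exist.
        if (-not (Test-Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
        New-ItemProperty -Path $w.Path -Name $w.Name -PropertyType DWord `
            -Value $w.Want -Force | Out-Null
        '  -> written; restart the computer as in Step 3'
    }
}
```

Run it without `-Apply` first to record the current values before changing anything, so the change can be reverted if the logon delay is unaffected.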
