I'm trying to log in remotely to an SBS 2003 Domain, fully patched. I'm
trying to log in from my XP Pro machine at home which is also fully
patched. Environment is as follows:

There are a total of four servers.

3 Servers exist at the office, I have an additional BDC server that
exists at home (remote location).

Here's the rundown:

At the office:
1 SBS 2003 server (Jupiter)
Jupiter has two nics, one nic has a live static IP on the internet
which is a FQDN, the other is an internal static IP address for the
local business network of 172.16.10.7.
1 Win2K BDC and Print server (Mercury)
1 Win2K File and DHCP Server (Venus)
Several desktops connected to the 3 servers

At home (my remote location):
All computers (desktops and servers) at home connect through a router,
with all IP addresses starting with 172.16.11/24.

We Have:
1 Win 2K BDC and backup file Server (mars).
2 desktops connected to Mars at home both remotely VPN to Jupiter.

The BDC server at home (MARS) connects to the SBS 2003 (Jupiter) via
VPN.

Home network uses the following internal IP addresses: 172.16.11/24
Business network uses the following internal IP addresses:
172.16.10/24

Everything on the local network at the office (or at home) works
flawlessly.

Here's the root of the problem:

From home, I can login into my SBS 2003 server remotely. But I can't
do anything once I get there. If I use my MS Outlook 2007 or Outlook
2003 while logged onto Jupiter through the VPN tunnel, a message keeps
popping up saying
"needs password". I have entered the password 20 times, and
nothing...

Today, I again attempted to login remotely via VPN. I obtained an IP
address. However, this time I got one ping off to Venus before
everything else timed out. I also tried to ping Jupiter, all timed
out.

System was working flawlessly until about 2-3 weeks ago. Then my home
Outlook started crashing all the time because of what appeared to be a
problem with access to a public folder that we heavily use at the
office, so I decided to delete my pst file at home, delete all my
outlook settings, and start over. Only after I deleted my exchange
settings at home, I could never get them to populate back when I tried
to reconfigure Outlook. Eventually, I noticed that my vpn connections
were not listing a VPN IP address. I thought this peculiar so went to
the office and checked out the DHCP server (Venus -- it's also our file
server). At first, I thought the problem was related to that. So, I
rebooted the Venus Win2K server and DHCP was working. I then
confirmed that we were getting an ip address via VPN thru a PPP
adapter at home. I poked my head around some server settings on the
SBS 2003 Server (Jupiter), did the internet configuration wizard again
and the firewall config wizard on the SBS 2003 server and went back
home.

Once I got back home yesterday, everything was great. I could access
all network resources from home. I could access everything. I was
getting a DHCP address via VPN at home (remote location) and my
exchange inbox at home downloaded megabytes of email from the exchange
server. Life was good........Until I rebooted my home computer. I
don't know if the problem just rematerialized or was related to my
reboot of my home computer. Considering that the other computer also
gained access again to its server, and then lost it after I rebooted, my
natural inclination is to blame the reboot of the home XP Pro machine,
but it could just be coincidence.

Now I'm back to where I started from (sorta). When I connect to the
VPN, I'm getting an IP address. It's 172.16.10.25. Last night, I
could ping all the servers, mercury, venus, mars, jupiter. I just
couldn't do anything inside the network at work. Now I can't even
ping the servers. If I try to access a mapped network drive, I get an
error message saying "the local device name is already in use". The
connection has not been restored. If I boot up Outlook it says
"needs exchange password" and refuses to do anything else except ask
me to re-enter the password. Same thing happens on the other XP Pro
machine at home (I didn't reboot that one). Now, my outlook at home
does nothing. It keeps saying "trying to connect to exchange server",
but doesn't prompt for a password. Problem seems to be morphing....

I'm really at a loss here. Doesn't appear to be a problem with DHCP or
DNS. Perhaps WINS playing a role? Firewall settings on Jupiter (SBS
2003 server) seem like the obvious area to explore. I can login
remotely to jupiter by using the remote desktop access, but I just
can't access the office's network resources which obviously is
problematic for me. Interesting, ever since I installed the SBS
server, it has never permanently accepted any changes made to the
firewall settings. What I mean here is that if I access "server
management" and click on the "change firewall" settings, I must then
go through the internet connection wizard every time. Obviously
something is amiss here. Might it have something to do with Hosting
the DHCP server on Venus (a win2k server)? Am I required to have the
PDC/Exchange Server also function as a DHCP server in SBS 2003
environments to support VPN?

Further update: When I could no longer ping the office from home via vpn, I
reset all of the Firewall settings on home desktop computer and solved that
problem. I can now ping away again, but get the dreaded "enter password" when
trying to access the exchange server. So perhaps the problem is in the
firewall settings, question is where. Is it the server? Desktop PC? If it is
the desktop PC at home, why does the other desktop PC also not get access
when no changes have been made to that machine....this to me indicates it's a
server issue. Question is where is the problem.


Any thoughts, greatly appreciated.

If you prefer not to post here, please email your thoughts to

arretium and gmail.com so use the "at" symbol in place of and and remove the
spaces...

RE: VPN Remote Access Issue - Can Login, but can't access local resour by Arretium

Arretium
Tue May 13 22:37:00 PDT 2008

Update:

I began to suspect that the problem may be related to Windows Firewall on
the desktop machines, so I went into the GPO (Global Policy Editor) and
disabled Windows Firewall. Rebooted the machines, verified that windows
firewall was disabled, attempted login again. Still no luck, can't access
network resources.

However, as earlier (and I did not make this clear), I **CAN** access RWW
(Remote Web Workplace). I have been able to access RWW all along, but I
can't access the network by logging in via the VPN and that's what I really
need to get working. Still at a total loss as to ideas.

The finger seems to point at the SBS 2003 server, but the problem is what
did I do recently to make this occur? Other than install all the patches.
Nothing that I can think of.

I noticed while investigating the problem in the security event log that
whenever my remote machine sends its login credentials to access the Exchange
Server, the username, password, and domain information is left blank. Maybe
a clue?


RE: VPN Remote Access Issue - Can Login, but can't access local resour by v-gzwang

v-gzwang
Wed May 14 02:39:10 PDT 2008

Hello,

Thank you for your post.
My name is Gary Wang, and it is my pleasure to work with you on this issue!
Please allow me to confirm that my understandings are correct. As I
understand it, the issue is:

When your VPN client tries to access the Exchange server, a message keeps
popping up saying "needs password" even after you enter the password.

If I have misunderstood your concerns please feel free to let me know.

Generally, we recommend that the customer run DHCP on SBS; this will reduce
many unexpected network issues. If we are unable to resolve this issue after
we perform the following steps, we may need to disable DHCP on the member
server and let SBS hold the service.

Suggestion :
==============
1. Make sure the VPN configuration is correctly configured. Please try to
reconfigure the VPN on SBS as below:

1) Disable RRAS

a. Schedule a network down time.
b. Please open Routing and Remote Access console on SBS thru run command
"rrasmgmt.msc"
c. Right click the SBSname (local), select Disable Routing and Remote
Access console

2) Run CEICW on SBS

You have to rerun the CEICW to make sure your SBS 2003 server has the right
network configuration. Go through the following KB and rerun CEICW again
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

a. On the Connection Type page, click Broadband, and then click Next.
b. On the Broadband Connection page, under My server uses a direct
broadband connection, click Next.
c. If your network connection to the Internet is disabled, you will
receive the Network Connection, You must enable and configure the network
connection to your ISP page. If you do not receive this page, go to step e.
On this page, under Connection name, click Network Connection.
d. Configure IP settings according to the requirements of your ISP, and
then click Next. (The network connection is now enabled.)
e. On the Network Connection, You must click the connection for your ISP
and local network page, under ISP network connection, click Network
Connection.
f. Under Local network connection, click Server Local Area Connection, and
then click Next.
g. On the Direct Broadband Connection page, next to Preferred DNS server
and Alternate DNS server, type the IP addresses that are provided by your
ISP. To change the Default gateway setting, type the default gateway IP
address if the IP address is not provided by DHCP. Click Next.
h. Complete the Configure E-mail and Internet Connection Wizard.

3) Run Remote Access wizard

a. On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.
b. Under Network Tasks, click Configure Remote Access.
c. Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
d. Type the fully qualified public domain name (your public DNS name) of
your server, click Next, and then click Finish.
e. When the wizard is completed, click Close.

4) Then you can access RWW to download Connection Manager or copy the file
from SBS server c:\ClientApps\Connection Manager\SBSPackage.exe. Please
save the sbspackage.exe file on the VPN client computer. Then double-click
SBSPackage.exe to run it. After this file runs, the "connect to small
business server" will be created and you can use it to connect VPN to your
SBS server.

Based on my experience, the issue is most likely due to the client
using cached credentials or the password being expired. The password for the
user account was changed in the Domain and the customer is using Cached
credentials (Old Password) to log on to the computer, as the computer is not
connected to the Domain. I would like to suggest that you check the following:

2. In the Credential Manager add the Exchange server and user credentials
and save it. On the affected computer, click on:

a. Start > Control Panel > User Accounts > Advanced > Manage Password
b. Add Exchange server FQDN and the user credentials (Changed Password)
c. Click on OK

3. Make sure the account for VPN client is not expired or locked.

a. Open dsa.msc on SBS server.
b. Double click the VPN client's user account to open user's properties.
c. Navigate to the Account tab, check that "Account is locked out" is not
selected. Also check the "Account Expires" option to make sure the account
is not expired.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

Information Needed
==============
1. Check event viewer for related information, if there are any, please
help save it to *.evt and send to me at v-gzwang@microsoft.com.
2. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_sbs.txt" and "route print > c:\route_sbs.txt" on SBS, send the
files c:\ipconfig_sbs.txt and c:\route_sbs.txt to me at
v-gzwang@microsoft.com
3. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_client.txt" and "route print > c:\route_client.txt" on
problematic client, send the files c:\ipconfig_client.txt and
c:\route_client.txt to me at v-gzwang@microsoft.com
4. Have you changed the VPN client's password recently?
5. Do you have ISA 2004 on your SBS server?
6. Gather MPS network report on SBS:

a. Download MPSreport_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe.
c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.
d. Open Windows Explorer, navigate to the folder:

%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-gzwang@microsoft.com

I look forward to your reply. Also, if you have any questions or concerns,
please do not hesitate to let me know. I am happy to help. :-)

Thank you for your time and cooperation!

Best regards,

Gary Wang(MSFT)

Microsoft CSS Online Newsgroup Support

