Domain logon issues via VPN tunnel 1

[Supernn]

I'm connecting my notebook via a CheckPoint VPN client to my company network via my WLan connection.

The authentication is successful and I can use the VPN tunnel and am able to use RDP to get access to servers on our main site (so it should not be my firewall).

However I cannot get access to our domain and the response is always the same: "No domain controller could be found, you may not be able to gain access to some resources".
The domain controllers are added to my lmhosts file as followed:
172.xx.xxx.xxx Domain controller1 FQDN #PRE #DOM: DOMAINNAME
172.xx.xxx.xxx Domain controller2 FQDN #PRE #DOM: DOMAINNAME
(I have of course left out the actual FQDN names, domain name and internal IP addresses...).

I can ping all servers but the domain access prohibids me from working normally.
The notebook works fine whenever I'm using it in the office.

Does anyone have an idea?

 

[xmsre]

DNS

 

[Supernn]

Hi xmsre,
This could have been the problem, however I can ping the servers via their DNS name perfectly fine. They can even be resolved with their FQDN name without any issues.

The other thing is that colleguas of mine do not have any issues.

Thanks in advance.

 

[strongm]

You probably want to enable SecuRemote's SDL (Secure Domain Login) setting

 

[Supernn]

Isn't that for encryption only?

I've disabled the Check Point SecuRemote from my Lan connection, as we have set up the VPN client based on remote IP address (I can only use it from home, I cannot test it at the main office, where I use my Lan connection in stead of my WLan).

 

[strongm]

Not entirely. It also ensures that domain authentication is only attempted after the VPN connection is established

 

[Supernn]

OK, what happens if my VPN cannot be established like in the office? Does it only look at the connection with the Check Point SecuRemote enabled?

Why do my collegues do not have this issue? Has this something to do with the fact that they are domain admins and I'm not?

 

[strongm]

An additional question: what OS are you running on your laptop?

 

[Supernn]

XP Sp2
I'll check it out this weekend and will let you know.

 

[strongm]

XP Home or Pro?

 

[Supernn]

Sorry, Pro of course...

 

[strongm]

Just checking: had a user recently who had a fairly similar problem, but which was caused by the fact that they were running Home edition

 

[Seaspray0]

when your vpn client receives an ip address and is connected, try running at a dos prompt c:>ipconfig /all

It will provide you with all the ip settings on your vpn connection. check and make sure you are getting all the dhcp options you should be getting. Also, try pinging the server by it's FQDN name (i.e. server1.mydomain.com) as well as it's netbios name (server1). If you can't get the FQDN name to ping, you have a DNS issue.

A+/MCP/MCSE/MCDBA

 

[Supernn]

Hi,

Thanks for all the input, but it still seems not to work.
My DHCP settings are correct, i can also ping any server in our domain over both the DNS and the FQDN names.
Login on with SDL activated does not do the trick..

My WLan connection seems to be activated later then the VPN client.
I've also tried with autologon, also no result....

 

[MTVW]

You may not have to correct ports open for Kerberos....

Also, clients by default use UPD for Kerberos which is connectionless. Try switching to TCP which is much better

http://support.microsoft.com/kb/244474/EN-US/

 

[MTVW]

Port 88 udp/tcp...btw 464 udp/tcp for password changes I think 749 also.

 

[Supernn]

The link to the TCP change in the registry and the port 88 in my firewall solved the issue!
Even without the secure logon.
Great, thanks all!!

 

[MTVW]

You're very welcome. Glad it's working!

Thanks for the star btw.