• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

VPN over an ISA server: some users can access resources on servers, others can't.

S

starriol

Member
Good morning guys.
We are having a weird problem in our network.
It's a Windows domain, running on 2 Windows 2003 domain servers. We have around 10 other servers, including an ISA server, all part of the domain.

The weird problem is that the VPN we have established with an ISA 2004 server, running it over PPTP, doesn't seem to work OK with some users.
The problem is that the users CAN connect to the VPN but can access resources on servers.

For example, some users can't do a \\servername, because they end up with an error saying "cannot find the network resource" or something like that. Even when added to the Domain admins security group.
But if I use another user (working ok) at the same location, will work OK.

The weird thing is that some users can access half the resources over the network.

For example, will work OK with some servers, but others can't be connected via Terminal Server Client, nor get a folder list with \\servername, but another user can work with that perfectly.

The same thing happens when copying the security groups from a user that works OK to the problematic one.

I'm lost here... 😕
 
Offhand, it sounds like a DNS resolution issue. Can you locate the missing resources using their IP addresses? \\192.168.x.x ?

How about an IPCONFIG /ALL listing from a VPN client that works, versus a VPN client that doesn't work?
 
Can you give us a little more about the network setup? Are you running AD? Do you have WINS/DNS servers? How are you handing out the IP's for the VPN connection?

John
 
RebateMonger: nope, doesn't work that way either. That's only with some users, other can access OK. Some to all, some to some resources.
The IPCONFIG /ALL is the same except the client's IP ADDRESS.

netsysadmin: running AD on the LAN side; the clients connect from nearly anywhere. No WINS, only DNS server.
The IP address come from the same pool as those handed to the LAN users. One of our two AD servers is DHCP also...
 
The problem was that there was a rule in ISA server that routed the traffic coming from VPN clients under an specific group name.

Thanks for the ideas guys!
 
Originally posted by: starriol
The problem was that there was a rule in ISA server that routed the traffic coming from VPN clients under an specific group name.

Thanks for the ideas guys!
Click to expand...

Thanks for posting the solution.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top