Kerberos issue when connecting via VPN

Similar Messages

• Users can only connect to RD farm website and cannot remote into terminal server , when connected via VPN

  Hello,
  I have a RD farm using 3 Win 2012 servers (1 broker and 2 session host), for internal use only, have not
  configured gateway for internet access.
  Users are able to connect to RD farm website and remote into terminal server, within office
  but can only connect to RD farm website and cannot remote into terminal server , when connected via VPN
  Its takes long time at securing connection and fails.
  Thanks

  Hi,
  Thank you for your posting in Windows Server Forum.
  First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm. 
  Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
  this link.
  In addition, please refer beneath article for additional details.
  1. How to Access Windows Remote Desktop Over the Internet
  2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
  (For reference)
  Hope it helps! 
  Thanks,
  Dharmesh

• General Settings not retained when connecting via VPN

  Forum,
  We have a user who connects to SAP via a VPN connection. Since then they have found that any form settings/column amendments made are not being retained when next logging into SAP.
  When these changes were made direct in the office, they are retained.
  My question. Is there any differences in how the settings are retained within SAP when accessing via a VPN?
  Regards,
  Juan

  Hi,
  When using your VPN are yo using Terminal LIcense or Remote Desktop Connection?
  Please do the following to save form settings:
  1. Only 1 module should be open when using form settings.
      Close other modules that doesn't need.
  2. Close the module after changed. To make sure the settings are saved.
  3. Always close all the module before exiting SBO program, use the click FIle and Exit habit.
  4. Terminal Licensing should be use when connecting remotely.
  Thanks.
  Clint

• Server Admin not connecting to Leopard Server when accessing via VPN

  Hi everyone,
  Recently, as the title suggests, Server Admin (or Server Preferences, for that matter) would not connect to my remote server via VPN. I'm quite sure that the server is working nicely, as the users (both of them lovely young ladies with considerable charms, which makes on-site support quite interesting, if distracting) didn't call me to complain, and I can login via SSH with no problems.
  The server is a Mac Mini, connected to an Airport Extreme (gigabit N), which in turn connects to our ADSL modem, if that helps any.
  Now, I did tinker around a bit with the settings before this happened, so I think it's probably my fault (well, I started my "career" of administering this server a week ago, what do you expect), so I suppose I may have inadvertently limited access to a service required for Server Admin and Server Preferences to function.
  If anyone could tell me which services are absolutely necessary for Server Admin to function, or at least where to start looking, I'd be immensely grateful. I didn't yet go on site to try and wrestle the whole thing from there, as the travel costs are non-trivial, so I'd rather do it remotely, if at all possible.

  This is exactly the difficulty I am having with a 10.5.4 Intel xserve. I have established a VPN connection that connects me to my business LAN, and I know it has carried out the connection because there are a number of things I can access properly that are not available on the public internet. For instance, my LOM ports are restricted to my business LAN, and when I connect to the server via VPN I can access teh LOM ports and using server monitor. However, when I try to use Server Admin, nothing works. It won't connect. I too am confused. All traffic to the xserve is allowed via the business LAN. I thought all traffic was supposed to be routed to the VPN server when connected via a VPN. If this is the case, shouldn't Server Admin work? When I go on site and connect my computer directly to the business LAN, I have no difficulty using Server Admin.

• 10.6.1: Can't resolve FQDN when connecting via WLAN / Airport Base Station

  Hi everybody,
  after hours of work and having read many helpful topics in this forum (and other) I've successfully setup a Single Signon Environment for my home office. It's a dual core macmini server running 10.6.1 and only mac clients.
  The server is connected via switch to my airport extreme base station. This airport station uses PPPoE to connect to my ISP and it has the DHCP service running, handing out the clients' IP addresses. The server and the switch have all static IP addresses.
  My issue is the following:
  Whenever I connect via wifi or vpn using my MBP, I am not able to "bind" to the server (via system preferences : users : login setting) using the FQDN. The error is "can't resolve address. -2200" Instead it only finds myserver.local - and then I am able to set up my wifi connected client.
  However, when I set up the client with the .local address I am unable to get a kerberos ticket for my users. The ticket viewer says, that it can't resolve the address for myserver.mycompany.private
  I was able to get afp or ical to work on my vpn or airport connected clients when I used the server's IP address instead of a domain name - but only with kerberos turned off and with other problems.
  I've heard that if everything is configured right, the server should show up in every clients' sidebar with its FQDN and NOT the bonjour name. Right now it shows only the bonjour name - even on the clients connected via Ethernet.
  The other strange thing is that when I log into my client system I still have to authenticate with ticket viewer in order to get my kerberos ticket. Usually Single Signon should work with the login window, right?
  I really don't know what else to do. I double checked my DNS settings and everything seems ok. I entered the FQDN of the my server in the airport stations' DHCP settings as "LDAP server" - nothing changed...
  Do I need to use the server's DHCP service instead of the airport station's DHCP? And if I do this, how to I turn off airport's DHCP? It does not seem to be possible when connected via PPPoE to my ISP.
  I am unsure what to do in order to get things to work. Anybody out there who can help?

  Hi Davidh and thanks for posting!
  I had 3 DNS entries in my client's network settings - one was the server and the other 2 were from my ISP. Removing the ISP's DNS entries and keeping the server DNS IP solved my kerberos issue. Wow!
  I'd never thought that it won't work with more than the server given as DNS entries. I'll need to check this with my iPhone later, because I had a similar issue with that device yesterday when trying to connect via VPN.
  Thanks very much!
  Still one question:
  The sidebar of my clients still don't show the server's FQDN - but only its bonjour name. Is this right? I read in another forum that the client's sidebar should show the FQDN if everything is configured right.

• Financial Reports Client - 11.1.2.1 - Won't connect via VPN only?

  When I try and connect via VPN only. I get: You are not authorized to use this functionality. Contact your administrator.
  Here's the log from client. We have ensured the client version matches the server version exactly. Funny as when I'm directly on their network I can connect just fine. Hoping this log will point to solution.
  Log:
  [2012-06-01T10:31:45.196-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.registry.FRSystem] [SRC_METHOD: lookupHsServer] [[
  com.hyperion.reporting.util.HyperionReportException: Could not connect to the server.
  Please make sure that the server is running as specified in the logon dialog (including port number if not default).
       at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
  [2012-06-01T10:31:45.273-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.javacom.HsServer] [SRC_METHOD: getServer] [[
  java.lang.NullPointerException
       at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
  ]]

  I think you have already posted this problem on another post, I said it is possible it could be a ports issue.
  Have a look at the following http://www.oracle.com/technetwork/middleware/bi-foundation/epm-component-communications-11121-354680.xls
  Select FR studio as the client and it should give indication to the ports that need to be opened.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Mac pro does not recognize ipad device when connected via usb port, suggestions?

  mac pro running os 10.6.8 does not recognize ipad device when connected via usb port, suggestions?  itunes 10.7

  Here's a troubleshooting assistant: http://www.apple.com/support/ipad/assistant/itunes/
  The most likely issue:  Have you plugged your iPad into a USB port that is not directly part of your MacBook Pro?

• I have connected via VPN but can't see lion server .private

  when I am in my local network at home I simply go to finder and click on my server and connect to it. When I VPN form the net into my servers local network I dont see it in my finder? I know I am in the next work being I did a IP Check but am I am missing something how am I to get to the server to get to my files? it is set up as a .private.

  Spoke to an apple rep today. when accessing via VPN go to finder then go to the top menu click GO at the bottom of the drop down will be connect to server simply add the IP address to access.

• T420 - external 24" monitor DVI- Displayport : not detected when connected via KVM switch

  Hi,
  I've been using a 2port USB KVM Switch from InLine for a long time connecting a mac mini and a macbook pro
  to a 24" LCD. Recently I had to replace the MacBookPro with a T420. Unfortunately the T420 does not detect the
  monitor, when connected via the KVM switch.
  I tried:
  A) T420 -> Lenovo Displayport to DVI-Adapter -> KVM-Switch -> 24" monitor: NO SUCCESS
  B) T420 -> Thinkpad miniDock Series 3 DVI Port-> KVM Seitch -> 24" monitor : NO SUCCESS
  C) T420 ->Thinkpad miniDock Series 3 DVI Port-> 24" monitor - > SUCCESS
  D) T420 ->Thinkpad miniDock Series 3 VGA Port -> 24" monitor - > SUCCESS
  So I have a workaround, but leaving out the KVM switch is not a long term option.
  This is all on Win 7 professional / 64bit
  Using config (A) I then installed the Intel HD Graphics Driver version 8.15.10.2342 16 May 2011
  SURPRISE: during driver install, the monitor WAS detected!!!
  SECOND SURPRISE: after reboot I was back in the old situation where the monitor was NOT DETECTED
  CONCLUSION:
  Seems like a software issue with the Intel HD Graphice driver.
  ANY HINT/COMMENT/HELP highly appreciated!
  Thanks,
  Michael

  hey mgold,
  as the T420 works correctly with the external monitor and with the miniDock ; it is sad to say the the KVM switch is non-compatible.
  I would recommend that you get in contact with the manufacturer of the KVM. At the same time, try uninstalling the current video drivers of your T420 and see if it makes any difference with the KVM if the T420 is running on a generic driver
  WW Social Media
  Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  Follow @LenovoForums on Twitter!
  Have you checked out the Community Knowledgebase yet?!
  How to send a private message? --> Check out this article.

• OS X Lion gets kernel panic when connecting via CIFS

  A customer of ours has problems with OS X Lion clients that get kernel panic when connecting via CIFS (Novell OES server).
  Any new on this issue?
  Tycho Sjgren
  Apoio AB

  Originally Posted by tychosjogren
  Sorry for the late response - had to check a few things with the customer.
  They use the latest OES version with all the latest sp and patches applied. They have even tested with the an OES 11 beta with the same result. The OS run as a VM on VMware in 64 bit mode attached to a SAN. Has also been tested as a plain install without VMware. The Lion version is 10.7.2.
  This is how the problem occurs:
  1. Mount the CIFS share - no problems
  2. Use the share - no problems
  3. If the network connection drops you get a message that the CIFS volume has disappeared and you are asked to unmount it. When you do that you get a kernel panic. You can force the problem to happen by turning of WiFi.
  So it is OES2 but which version (SP1, SP2, or SP3)? Interesting as I'd only heard of this with NetWare 6.5.
  Do you (and anyone else experiencing this issue in this thread) know if this has recently started happening, perhaps after the latest November 2011 Scheduled Maintenance patches were installed?
  I'll hopefully be able to do some testing tomorrow but in the meantime I've asked Novell ...
  HTH.

• Apple TV (1G) doesn't appear in devices list when connected via ethernet

  After upgrading to OS X Lion and iTunes 10.4 my Apple TV (1G) doesn't appear in the devices list when connected via ethernet. When I switch to wireless lan the device is shown and the sync process starts but can't copy the new films. The copy operation stops every time and sometines the device disappears from the list.
  Despite of the upgrading of OS X and iTunes all the settings are unchanged.
  Anyone an idea?

  Since my last update, I've gathered more information.  I'm almost certain this is not entirely a 10.7.1 issue, if an issue in 10.7.1 at all.  10.7.1 may have changed something that caused this issue to appear,but where I was having this problem weekly if not daily, I no longer have the problem. I changed routers.  I was using a new D-Link Xtreme N Gigabit RouterDIR-655.  This router was causing me pain with lock ups.  I replaced it with a Cisco Linksys E4200. I have not had a lockup in over 2 months now and not one sync issue with Apple TV nor my new iPhones, which sync wireless to iTunes on my Mac Pro.
  Thinking about how my network is wired leads me to believe the issue was in the router, or maybe a network communication change in 10.7.1 that the DIR-655 was not supporting correctly. My MacPro and a few other hardwired access points in my house go directly to the router.  My AppleTV and Airport Extreme are connected to a Gigabit switch and the Gigabit switch is then connected to the router. I also turn off the wireless capabilities in my routers, as I prefer to let my Airport Extreme handle those duties.  This all means my normal hardwired communication path from my Mac Pro to Apple TV was going through the router, to the switch, to the Airport Extreme and then to my AppleTV.  My Apple TV is connected to the LAN port on the Airport extreme. By going wireless on the MacPro, I was bypassing the router altogether.
  As I started out saying, since I replaced my router, my sync issues have also gone away. If your having Apple TV sync issues, you might want to look at the router as well.  Also, while I can’t remember the exact settings, I had opened up or enabled UPnP and other router settings in the DIR-655 to see if that would resolve the sync issues and it did not.  In the end, I just spent the money and bought a new router and life is good now.

• Can't Browse Web when connected to VPN

  Hi, 
  I got interested in networks about a year ago.  We had some spare networking kit lying around in our office and I decided to set up a lab.
  I've been able to configure NAT w/ PAT  on a cisco 3825.
  I've got 1 access list, "Overloading" my OUTSIDE int, and a few "ip nat inside source static..." entries to handle my port forwards.
  It's a very basic setup.
  The router died recently, so I got a cheap replacement form ebay.  Setting it all up was WAY easier than last time, so I decided to try something new.... VPN.
  I'd previously had a port forward to a computer that was a VPN server, but I was able to use Cisco CCP to help me configure VPN.  Yes, technically cheating for all you CLI-heads out there, so sorry-- to make you happy, I did thoroughly inspect and spent extra time appreciating the code it wanted to inject to my router.  
  Now, I've got VPN working, and I can access all the PC's on the LAN I'm VPN'ing to, but -- I can't access the web when connected to VPN.
  I've fiddled with the access list, trying to make it ANY/ANY.
  I'm not really sure what to do.
  I looked around and most of the stuff out there is for a site-to-site, or PAT running on a tunnel... 
  My issue is pretty basic, probably.  I just cant access outside when on VPN.
  I'm more than willing to have another translation method.
  I've attached my router config.
  Can you have a look and let me know what would need changing...
  Really appreciate any insight.
  Thanks,
  Brian

  Hello Brian,
  Basically this is the VPN group:
  crypto isakmp client configuration group open
   key (something)
   dns 192.168.1.1 8.8.8.8
   domain something.com
   pool SDM_POOL_1
   save-password
   backup-gateway 192.168.1.1
   max-users 5
   netmask 255.255.255.0
   banner ^Cyou have connected to the vpn-ings!.  well done!    ^
  I see that you are doing tunnel all, and you are not split tunneling on this configuration, what you can do is to use split tunnel, under this configuration as follow:
  ip access-list extended SPLIT_TUNNEL
  permit ip XXXXX XXXXX 192.168.1.0 0.0.0.255
  XXXXX --> are the inside subnets
  Then under this:
  crypto isakmp client configuration group open
  acl SPLIT_TUNNEL
  This will allow you to have access to the internal subnets through the tunnel and have access to internet through the internet connection on your computer.
  For further details take a look to this document:
  - http://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html
  Don't use Any on your ACL statements for split tunneling purposes.
  Let me know how it works out!
  Please don't forget to rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• How to solve the noise issue when connecting an electric guitar?

  Hello,
  I own a 15'' MacBook Pro of early 2011, with Lion Mac OS X 10.7.2
  I have an issue when connecting my electric guitar (Guitar Rig 4 LE) via USB & starting the Garageband '11 (ver. 6.0.4). I tried playing with the settings to get around the fuzziness/noise that's produced when the guitar is connected.
  The original software I got with Guitar Rig 4 ALSO had a similar issue, but I solved it by turning down the ''Gate'' volume to get a clear guitar sound. I tried looking for a similar thing on Garageband but no luck. I'm taking the online lessons via Garageband, with all that noise it makes it even harder to learn.
  Hope I made my case clear, and I'm looking forward for any suggestions in this technical problem I'm facing.
  Cheers

  Hey Keith, thanks for your response.
  Well, to be honest I had no idea what that was, so I opened Garageband and looked for that option, and it seems I can't access it during the guitar lessons. I tried exiting the lessons to the main window but the option you talked about under the ''Track'' tab was still faded (i.e. inaccessible).
  Did I misunderstand you or done it wrong?
  The noise even gets WORSE when trying out the Rock Guitar lessons, not so bad on the Basic Guitar & Blues Guitar...
  By the way, I did try the ''Aggregate'' Audio MIDI setup thingy from the utilities to enable both ''Built-in Output'' & ''USB PnP Sound Device (which is the guitar)" and didn't solve the problem.
  Running out of options. Opt for surgery? haha jk

• My new computer with Windows 8.1 does not recognize my iPhone when connected via USB.

  My new Dell Computer with Windows 8.1 does not recognize my iPhone 5 when connected via USB.  I have reinstalled iTunes to no avail.

  Hey, I may have to if I can't get this one to work!!
  I have tried a different USB to no avail.  Both cables work on my old Dell so I don't believe they are the issue. 
  I uninstalled iTunes as directed by Apple Support and reinstalled.  Apparently, Apple Mobile Device Support is not loading with it because it does not show up in programs. 

• The iTune Remote App has stopped finding my iTunes library when connected to wifi from my main router, but works fine when connected via second wifi router on the same network (different SSID)

  I'm running iTunes Remote App from a couple of iPhone 5's and a first generation iPod Touch. iTunes is running on a PC - Windows 7. My home network runs two Wifi Routers, each with a different SSID. I've had no problems with the Remote app running this set up for the last 8 months but recently the App can only find my iTunes library when the iPhone/iPod is connected via one specific router, when connected to the network via the other router, no iTunes library is found. I'm also running an Apple TV and it's the same as the iTunes Library, only visible via the one SSID.
  Everything else seems to work fine when connected via either router, eg Internet on the iPhones (definitely via wifi)
  I've tried renewing the lease on the iPhone wifi connection, restarting everything.....several times.....
  It used to work fine, this only seems to have been a problem in recent weeks
  Any help or advice would be much appreciated
  Thanks
  Ian

  It turned out to be the firewall settings on our router. Her machine was sending traffic that our router interpreted as a DoS attack and blacklisted her Airport's MAC address. That's why it would work fine if she switched to Ethernet.