Windows XP client can't VPN in via PP2P

Similar Messages

• Lion VPN with a Windows 7 client; can't browse network

  So, here's my setup..
  I have a Lion Server running VPN (192.168.1.11 /24), a windows box behind the VPN (192.168.1.15) and a Windows 7 client connecting.
  I've been able to get the Windows 7 client to actually connect to the VPN. I can also manually go to the client machine (i.e. \\192.168.1.15 ), and I've even thought of creating a static hosts entry for the netbios name -> IP, but, while all that works, the simple fact is that I can NOT browse the network using either a mac client OR a windows client.
  DHCP/DNS is being done by the router (A Verizon Actiontec router with a MoCA connection.)
  I COULD get the lion server to serve dns/dhcp for the whole network, but, haven't yet. Lion server uses the router IP as it's DNS (and does not use the local DNS at all). I've tried to both ways though; didn't solve the issue.
  So, is there any way to fix the ability to browse beyond the VPN? Lion does not include (that I can find) a WINS server....
  Lion server is DMZ'd from the router. So, all ports are open.
  Help!

  No one has any ideas on how to fix this?

• Windows 7 client can't connect to Server 2008 R2 Print Server VM (ESXi 5.5)

  I have an issue today that is driving me bonkers.
  I recently came on-board to a company in my area as the system administrator and this network has everything and the kitchen sink wrong with the network layout, probably the worst I've seen and I'm slowly but surely fixing it day by day.....
  Well today I decided I was going to spin up another VM from a template and make a Print Server, seems harmless right? --- I thought so too, added all of the printers to the server and did test pages, all was dandy, but then I tried to add the printers to
  clients and other server and the real fun has begun, I'm truly perplexed now...
  I added a VM to my esxi 5.5 cluster at work that is a 2008 R2 server with only print management on it. I can map all of the printers on the network to the print server as-well as install the drivers correctly and I can resolve the IP and server name via
  DNS. I can test printers directly from the print server successfully printing out test pages however whenever I try to map printers you know from the directory in 'devices and printers' from any of the Windows 7 clients or any of the other 2003/2008 servers
  I get the classical "Windows cannot connect please check the network connection and make sure sure the printer is turned on". I disabled the windows firewall and I made the point to print GPO set to disabled and still no luck. Again I can print to
  all of the printers internally inside of the VM (so I know it communicating to all of the printers), I just can't connect to the printers listed in the directory on any of external desktop/client, it's like so annoying. spent about 6 hours until my brain just
  couldn't think anymore, was about to go BS on the VM.
  The only thing I can think of, as I was driving home, is that there is a GPO on one of the DC that has a desginated print server policy set. But prior to last week the forest leve was 2000 and now it's 2003. I just don't know Server 2000 enough to know if GPO's
  worked in the same way they do in 2003.
  Right now printers are connected to other servers in a ad hoc mentality it seems, there has never been a true print server.
  Anyone ever have this problem before?
  I'm truly puzzled...

  Hi Mid.Hudson-IT,
  Before we begin ,we should ensure we have configured the printer server correctly .
  Here is a link for reference of configuring the printer server .
  Print server role: Configuring a print server
  https://technet.microsoft.com/en-us/library/cc775791(v=ws.10).aspx
  "I can map all of the printers on the network to the print server as-well as install the drivers correctly and I can resolve the IP and server name via DNS"
  From this sentence ,I can`t figure out whether you have tried to ping the server both with the IP adress and name adress from the client ?
  If we can ping the print server from the client,we can ensure the connection to the printer server is good .
  Then we can try to install the printer driver directly to have a check .In the adress bar of Windows Explorer ,input "\\server name \the printer name"
  If we cannot ping the print server ,we should troubleshoot the network issue firstly.
  We also can check the event viewer for more information to troubleshoot this issue .
  Best regards

• Windows XP client can't connect to AirPort Extreme AP with WEP enabled.

  Hello,
  I have big problem with Mac Mini AirPort Extreme working in AP mode with Windows XP client.
  Some time ago, AP refuse to connect Windows XP clients (notebook) when WEP is enabled (40/128 bit, same problem), while before that, everything work perfect.
  On other hand, iPhone can connect using WEP without an problem.
  When WEP is turned off, XP client can connect but this is not acceptable for me.
  I must notice that friend of mine have absolute SAME PROBLEM which rise almost at same time few months ago. They have Mac Mini and XP notebook (different then mine) which can not connect with WEP turned on, while his iPod touch work!
  I guess that this happened due AirPort Firmware upgrade included in some of Apple software update.
  Does anybody have similar problem or know the solution?
  My AirPort Card Information:
  Wireless Card Type: AirPort Extreme (0x168C, 0x86)
  Wireless Card Locale: Worldwide
  Wireless Card Firmware Version: 1.4.16.2
  Current Wireless Network: Mac mini
  Wireless Channel: 11
  Tnx in advance.

  mikikg, Welcome to the discussion area!
  Sorry but this is a known issue.
  The only solution is to get a real wireless router instead of using your Mac mini as a base station.

• Windows 8 clients can't associate to Cisco 2125 controller

  HI All,
   I have 2125 controller with running IOS 7.0.230.0, now unable to connect windows 8.1 laptops.
  It is  support Windows OS 8.1 wireless clients, you need to upgrade the firmware to 7.0.250.X.. I think windows is latest version are supported or not. kindly confirm.
  Thanks & Regards,
  Johnson.

  Hi Johnson,
  Yes, You have to upgrade to your WLC code at least 7.0.235.0 or above if you are hitting this bug CSCua29504.
  https://supportforums.cisco.com/document/113836/windows-8-clients-cant-associate-cisco-unified-wireless
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Windows Mail client can't connect anymore -

  It worked fine forever up until last week - 7/24.  Now I get the error below whenever I try to connect.  I've checked all the settings per the ATT FAQ page and deleted and readded the server info, but no luck.  I tried talking with ATT support and they gave me all the same server settings and said I'd have to pay for higher level tech support.  Any ideas? The host 'inbound.att.net' could not be found. Please verify that you have entered the server name correctly.
  Account: 'inbound.att.net', Server: 'inbound.att.net', Protocol: POP3, Port: 995, Secure(SSL): Yes, Socket Error: 11001, Error Number: 0x800CCC0D

  Hi Mid.Hudson-IT,
  Before we begin ,we should ensure we have configured the printer server correctly .
  Here is a link for reference of configuring the printer server .
  Print server role: Configuring a print server
  https://technet.microsoft.com/en-us/library/cc775791(v=ws.10).aspx
  "I can map all of the printers on the network to the print server as-well as install the drivers correctly and I can resolve the IP and server name via DNS"
  From this sentence ,I can`t figure out whether you have tried to ping the server both with the IP adress and name adress from the client ?
  If we can ping the print server from the client,we can ensure the connection to the printer server is good .
  Then we can try to install the printer driver directly to have a check .In the adress bar of Windows Explorer ,input "\\server name \the printer name"
  If we cannot ping the print server ,we should troubleshoot the network issue firstly.
  We also can check the event viewer for more information to troubleshoot this issue .
  Best regards

• Suddenly our windows 7 clients can't connect to our wireless network due to a cert error?

  Our company uses a Ruckus setup for our wireless network.  The laptops have to have a certificate on them issued from our CA and be a member of AD group.  Yesterday we noticed that nobody could connect to the internal wireless network.  In
  the security logs for the computers there is a this error:
  A request was made to authenticate to a wireless network.
  Subject:
      Security ID:        host/xxx-xxxxxxx
      Account Name:        -
      Account Domain:        -
      Logon ID:        0x0
  Network Information:
      Name (SSID):        Forest River Internal
      Interface GUID:        {53b8a5f4-e910-4e3e-ab88-eb4f46356e1f}
      Local MAC Address:    68:94:23:00:26:1F
      Peer MAC Address:    C4:01:7C:4A:88:58
  Additional Information:
      Reason Code:        Explicit Eap failure received (0x50005)
      Error Code:        0x80420202
      EAP Reason Code:    0x80420202
      EAP Root Cause String:    The authentication failed because certificate required for this network has expired on the server computer
      EAP Error Code:        0x80420202
  this cert was is supposed to be good for another year, is there anyway that I can get the CA server to renew this cert or do I need to issue a new one and distribute it?  The other issue I'm running into is I can't seem to get my CA to issue a new computer
  cert.  All the servers are 08 R2 boxes.

  Hi,
  Do you have any progresses on this issue by now?
  Here is a related KB article below:
  Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed
  http://support.microsoft.com/kb/2494172
  Best Regards,
  Amy Wang

• Windows XP computers can't see Airport via Ethernet connection

  I have a iMac G5 hooked up to a new Airport Extreme base station.
  I have two other old Apples with which Airport Express Setup 4.0 doesn't work.
  Therefore, I am trying to set up my two Airports using a Windows computer so that they can be used as remote music devices.
  Neither of them are seen by the Windows computer unless I completely reset them. And even then, it is intermittent.
  When starting Airport, I get the following message:
  "Windows is not allowed to manage wireless networks on this computer." However, in Network Connections, properties of my wireless connection state Windows does manage them.
  Following an Aiport reset, Airport Express Assistant asks me for the password for the network, "name not available," I enter "public," but then get the following error following the message, "Reading from Base Station..."
  Cannot send Identify command to the base station. Bad Param Error (-4).
  Attempting to access the Airport using Airport Admin Utility, I see the Airport, but when making modifications to the password and join an existing Airport network, I click UPDATE, the Airport restarts, only to be invisible again to both Airport Express Setup and Airport Admin Utility.
  The same problem is happening on two different XP computers and with two different Airports.
  Help!

  Borrowed a Powerbook and used Airport Admin Utility, which resolved all problems with Airport.

• Windows 7 (Client) map a network drive VPN Snow Leopard Server

  Hi,
  I have a Mac Mini Snow Leopard Server and are using a VPN service.
  My services on the mac os x sls server are: AFP, DNS, Firewall, Open Directory, SMB and VPN.
  I can connect the VPN from Mac clients and Windows 7 clients, but I can only map a network drive/share point on Mac´s.
  On Windows 7 I get an error: path or name not found ( I am sure using the correct path, same from Mac client that works).
  When I am using my internal network LAN I can map a network drive using Windows 7 and Mac but outside over a VPN not (only Mac works).
  The only service, at this moment,  that I need is File Sharing outside my network LAN using a VPN.
  How can I map a network drive from a Windows 7 client using a VPN, is there any Firewall rules / SMB rules / File Sharing rules that I missed on the server side?
  Thank You.

  I really don't know what are going wrong with my settings. As you said/write it must be an easy setup.
  I'm using a Time Capsule and used the Server app to add VPN to the port forwarding also.
  When I am connected thru the VPN I tried to ping the Server IP and got no answer from it, from W7 client!?
  My Mac's are just working fine with AFP and SMB share points thru the VPN.
  I think I have missed some settings from the SMB or Firewall services for VPN with W7 client's or it is a Windows issue.....

• Random disconnects from Windows 7 Clients - Disk is full error

  Recently upgrade my XServe from 10.5.8 -> 10.6.6 -> 10.7.3 Server.
  I have 6 Mac clients connecting to different sharepoints on the server with no issues at all after the upgrade.
  I have 2 Windows 7 Home clients running QuickBooks attempting to connecting to their Accounting sharepoint on the server.  10.5.8 / 10.6.6 there were no issues with disconnects.  After upgrading to 10.7.3 Server and fixing the login issue, the Windows 7 clients can connect to the sharepoint.  But once or twice a day they are getting an error of "The disc or drive Z: is full." (I have the sharepoint mapped to drive Z on Windows 7).
  The sharepoint is on a RAID and has over 1TB free storage.  The local hard drive in each Windows 7 client has 200-300 GB's free each.. so no drives are actually full.
  Is anybody else seeing this?
  Their connections are wired.. Gig Ethernet.  This was not an issue previous to Lion Server.  Only started occuring after the "upgrade" this past Saturday.

  Most likely your disk is full . If you go to Preferences/Performance you are able to change your active Scratch Disks.

• VPN clients can connect via SSTP but not IKEv2 due to error 808

  I have a Windows Server 2012 R2 with RRAS configured to allow SSTP / IKEv2 VPN connections. I'm using an external certificate for server authentication and the client authentication is done via domain username/password (Protected EAP). The clients can
  connect successfully when using SSTP, but if IKEv2 is selected, then the following error is displayed:
  Error 808:
  The network connection between your computer and the VPN server could not be established because the remote server refused the connection. This is typically caused by a mismatch between the server's configuration and your connection settings. Please
  contact the remote server's Administrator to verify the server configuration and your connection settings.
  My external certificate has the Server Authentication EKU but not the IP security IKE intermediate, however it's the only
  certificate installed, so I believe the certificate is OK.
  Any ideas on what is causing the error?
  Thank you.
  Ricardo Costa

  Hi,
  What NAT device you are using? You must configure the IKEv2 related protocol on your NAT device too. For example if you are using the Cisco® NAT device you must
  enable the IKEv2 support on the outside interface:
  Enabling IKE on the Outside Interface
   You must enable IKE on the interface that terminates the VPN tunnel. Typically this is the outside, or public interface. To enable IKEv1 or
  IKEv2, use the crypto ikev1 | ikev2 enable command from global configuration mode:
  =================================================
  crypto ikev1 | ikev2 enable interface-name
   For example:
  hostname(config)# crypto ikev1 enable outside
  =================================================
  The related third party information:
  Configuring IPSec and ISAKMP
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_ike.html#wp1042302
  You can refer the following KB to enable the RRAS logging.
  RRAS: Logging should be enabled on the RRAS server
  http://technet.microsoft.com/zh-cn/library/ee922651(v=ws.10).aspx
  Hope this helps.
  *** This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does
  not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers
  in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. ***
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SBS2008 VPN Clients can't Remote Desktop to PCs

  Hello,
     I have a network running SBS2008, it has RRAS configured on it and clients connect to it fine.  However, while connected to the VPN, I can't connect to PC Clients via RDP.  I connect to server via RDP no problem.  And I can connect
  to PCs via RDP from the server or other PCs on the network.  I just can't connect through a VPN connection.  RRAS uses DHCP from the server to assign IPs so VPN clients are on the same subnet as the domain PCs. 
  RWW also works fine for connecting to PCs, but we would like to be able to connect via VPN as well.  And it should work, I can ping a PC I'm trying to connect to over the VPN connection, no problem.  I researched and saw something about the group
  policy, but this is a very small network and doesn't really use that.  I made the changes described in the Windows Firewall settings but it made no difference.  I also went and turned off the Windows firewall on the PC I was trying to connect to,
  but it still didn't make a difference.  Is there any other reason this wouldn't work?
  Thanks

  I found out that the issue was caused by the Symantec Endpoint Protection client installed on the server.  It was blocking traffic between VPN clients and PCs on the network.  I just reconfigured it to allow that traffic and it worked
  fine afterward.
  Hi Rayminette,
  Glad to hear that you have solved this issue and thanks for sharing your solution in the forum. Your time and efforts are highly appreciated.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Quickvpn / client to gateway vpn rv042 can only ping router

  I am setting up remote access using an RV042 router.  Using quickvpn or a client-to gateway vpn and shrewsoft client,  I can only access/ping the LAN side of the remote router and one machine on the remote network.  The PPTP server and native Windows 7 connection provide access to all machines on the remote network.
  I have 2 possible reasons for this and would like to find the real reason:
  1) The remote RV042 is behind another router, and that router restricts access other than the PPTP traffic.
  2)  The VPN tunnels other than PPTP only allow access to the remote LAN side of the router and remote machines that have the remote router defined as their gateway in the IP configuration.
  Any ideas?

  I've narrowed the problem down to option 2 above. If I change the gateway of a LAN resource to point to the LAN side of the router, it can be accessed through the VPN tunnel. 
  I haven't had time to see if adding routing entries can fix this problem.  Any suggestions will be appreciated.
  Also, I would appreciate an explanation of why the PPTP connection works.  I will research this myself (eventually) but am  already backed up with other projects..

• Server 2003 VPN clients can't verify username and password

  Hi,
  Hoping someone can help or point me in the right direction. I have a Windows Server 2003 R2 standard SP2 running RRAS. It has Dual NIC's and is configured for PPTP VPN. I am using a BT Business Hub 5 for internet access and using the BT Static IP service.
  The BT Hub assigns the static IP address chosen to the Server using DHCP. The firewall is configured to port forward PPTP traffic to the 2003 server. This all works correctly.
  The 2003 server is on a domain where the DC is a 2008 R2 server. The DC also acts as the DNS and DHCP for the network.
  The default gateway for the domain is pointed towards our WinGate proxy server which also acts as a DNS server.
  The 2003 server LAN NIC is configured manually, usually I would not configure a deafult gateway on the LAN NIC as the WAN NIC needs the default gateway for the BT Hub.
  The problem I am having is if a default gateway is configured on the LAN NIC, I can connect to the VPN and it will logon to the network. Once connected everything works ok. If the connection drops, when trying to reconnect the client can no longer verify
  the user name and password against the domain and the connection is refused.
  If I do not have a default gateway configured in the LAN NIC the VPN clients can not verify the username and password for the domain at all and I get RPC failure errors in the event viewer with the source dnsapi.
  Once this error occurs the only way I can get the clients to reconnect is to disable the WAN NIC, restart the RRAS service and enable the WAN NIC again.
  Any insight will be much appreciated.

  Hello,
  for Networking configuration questions better ask in
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home#forum=winserverNIS&filter=alltypes&sort=lastpostdesc&content=Search
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• VPN client connected to VPN but can't ping or access to server

  HI ,
  i need help urgently, had been troubleshooting for a day, but have no ideal what wrong with the config.
  Basically there is 2 set of VPN configured, one is site to site IPSEC VPN and another one is connect via VPN client software coexist in same router.
  This recently we having problem on client can't access or ping to internal server which is 192.168.6.3 from VPN client software.
  VPN client will connect to VPN ip pool as10.20.1.0 to 10.20.1.100
  Software itself shown connected but request time out when ping.
  Below is the config. Some of the command might be extra as when i did some test, but end up didn't work.
  aaa new-model
  aaa authentication login userauthen local
  aaa authorization network adminmap group VPNClient
  aaa authorization network groupauthor local
  aaa authorization network map-singapore local
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key emptyspace address 203.142.83.218 no-xauth
  crypto isakmp keepalive 15 periodic
  crypto isakmp client configuration address-pool local ippool
  crypto isakmp client configuration group map-singapore
  key cisco123
  dns 192.168.6.3
  domain cisco.com
  pool ippool
  acl 102
  crypto isakmp profile VPNclient
     match identity address 27.54.43.210 255.255.255.255
     match identity group vpnclient
     client authentication list userauthen
     client configuration address respond
  crypto ipsec security-association idle-time 86400
  crypto ipsec transform-set REMSET esp-3des esp-md5-hmac
  crypto ipsec transform-set DYNSET esp-aes esp-md5-hmac
  crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
  crypto dynamic-map dynmap 10
  set transform-set DYNSET
  set isakmp-profile VPNclient
  reverse-route
  crypto map VPNMAP client authentication list userauthen
  crypto map VPNMAP isakmp authorization list map-singapore
  crypto map VPNMAP client configuration address respond
  crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
  crypto map VPNMAP 11 ipsec-isakmp
  description VPN to ASA5520
  set peer 203.142.83.218
  set security-association lifetime kilobytes 14608000
  set security-association lifetime seconds 86400
  set transform-set REMSET
  match address 100
  interface GigabitEthernet0/0
  ip address 27.54.43.210 255.255.255.240
  ip nat outside
  no ip virtual-reassembly
  duplex full
  speed 100
  crypto map VPNMAP
  interface GigabitEthernet0/1
  ip address 192.168.6.1 255.255.255.0
  ip nat inside
  no ip virtual-reassembly
  duplex full
  speed 100
  interface GigabitEthernet0/2
  description $ES_LAN$
  no ip address
  shutdown
  duplex auto
  speed auto
  ip local pool ippool 10.20.1.0 10.20.1.100
  ip forward-protocol nd
  ip pim bidir-enable
  no ip http server
  ip http authentication local
  no ip http secure-server
  ip nat inside source list 1 interface GigabitEthernet0/0 overload
  ip nat inside source list 101 interface GigabitEthernet0/0 overload
  ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
  ip nat inside source static 192.168.6.3 27.54.43.212
  ip route 0.0.0.0 0.0.0.0 27.54.43.209
  ip route 192.168.1.0 255.255.255.0 27.54.43.209
  ip route 192.168.151.0 255.255.255.0 192.168.6.151
  ip route 192.168.208.0 255.255.255.0 27.54.43.209
  ip access-list extended RA_SING
  permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.0.0.0 0.255.255.255 192.168.6.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  permit ip 10.20.1.1 0.0.0.100 192.168.6.0 0.0.0.255
  permit ip 10.20.1.0 0.0.0.255 10.0.0.0 0.255.255.255
  deny   ip any any log
  access-list 1 remark Local Network
  access-list 1 permit 192.168.6.0 0.0.0.255
  access-list 1 permit 192.168.102.0 0.0.0.255
  access-list 1 permit 192.168.151.0 0.0.0.255
  access-list 2 remark VPNClient-range
  access-list 2 permit 10.0.0.0 0.255.255.255
  access-list 10 permit 192.168.6.0 0.0.0.255
  access-list 10 permit 192.168.102.0 0.0.0.255
  access-list 10 permit 192.168.151.0 0.0.0.255
  access-list 10 permit 10.0.0.0 0.255.255.255
  access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 100 permit ip 192.168.102.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 100 permit ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  access-list 100 permit ip host 192.168.6.7 host 192.168.208.48
  access-list 101 deny   ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 101 permit ip 10.0.0.0 0.255.255.255 any
  access-list 101 permit ip 192.168.6.0 0.0.0.255 any
  access-list 102 permit ip 10.0.0.0 0.255.255.255 any
  access-list 120 deny   ip any any log
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255 log
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 120 deny   ip 192.168.6.0 0.0.0.255 192.168.208.0 0.0.0.255
  no cdp run
  route-map nonat permit 10
  match ip address 120
  control-plane
  alias isakmp-profile sh crypto isakmp sa
  alias exec ipsec sh crypto ipsec sa
  banner motd ^CC^C

  I did not try to ping 4.2.2.2. I just know I can not ping comcasts dns servers. I have updated the firmware on the router and it did not work. The computer was able to access the internet until about a week ago, I don't understand what could have changed that I would now need a static DNS.