vpn to outside network when logged in to local network

I have need for two of my domain users to also be able to vpn out to a
client's network as part of their daily routine. They are logged in to my
win2K3 Active Directory network on WinXP SP2 machines. I created a pptp vpn
connection for the remote network. It gets to the verifying username and
password part and fails. They are using vpn usernames assigned by the remote
network admin. I am thinking it is trying to pass their local username
instead of the one I set in VPN connection. Any thoughts?

Thanks in advance!
-Don
 
> I have need for two of my domain users to also be able to vpn out to a
> client's network as part of their daily routine. They are logged in to my
> win2K3 Active Directory network on WinXP SP2 machines. I created a pptp vpn
> connection for the remote network. It gets to the verifying username and
> password part and fails. They are using vpn usernames assigned by the remote
> network admin. I am thinking it is trying to pass their local username
> instead of the one I set in VPN connection. Any thoughts?

Check XP SP2 firewall settings. Test VPN accounts from other systems to
confirm valid username/password.
 
SP2 firewall is turned off and accounts work fine when logging in from
a machine not connected to local network.

Thanks.
 
> SP2 firewall is turned off and accounts work fine when logging in from
> a machine not connected to local network.

What is your local network IP/mask?
What is remote network IP/mask?

I hope you are not trying to connect VPN from 192.168.0.x to 192.168.0.y.
 
No. Local is 192.0.x.x and remote is 10.1.x.x. It fails at the verifying
username and password point. The username and password work fine from a
machine where they are not already logged in to the local network.

Thanks.
 
> No. Local is 192.0.x.x and remote is 10.1.x.x. It fails at the verifying
> username and password point. The username and password work fine from a
> machine where they are not already logged in to the local network.

Then as you type "User name:" put remote domain name first, backslash and
user name:
remotedomain\username
Otherwise, your localdomain will be used silently.

You can change that behavior if you set to "1" the following:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 = allow domain credentials to be stored
1 = do not store domain credentials
 
>> No. Local is 192.0.x.x and remote is 10.1.x.x. It fails at the
>> verifying
> Then as you type "User name:" put remote domain name first, backslash and
> user name:
> remotedomain\username
> Otherwise, your localdomain will be used silently.
>
> You can change that behavior if you set to "1" the following:
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\
> Value Name: disabledomaincreds
> Value Type: REG_DWORD
> Values: 0 = allow domain credentials to be stored
> 1 = do not store domain credentials

Or on "Virtual Private Network" connection properties, in "Options" tab,
"Dialing options", check "Include Windows logon domain" and specify it
during connection time.
 