Win2K VPN Server/ Win98 Client Probs

[tfccom]

Hey Everyone,

I have a Windows 2000 Server with a handful of Windows 2000 Pro and some Windows 98 SE notebook clients. I have DSL running through a Linksys Gateway, configured to forward ports 47 and 1723 forwarded to the Server running Windows VPN server. The windows 2000 pro clients connect fine, and I can add drives by either the "Add network place" wizard or the "\\computername\share" method, and it works great!

The windows 98 se clients connect fine, I can VNC the server, ping everything on the network, and we are assigned IP addresses, but we can't NET VIEW or "\\computername\share" or connect to any LAN drives or shares; it asks for a password, but none of them work, and no password doesn't work either!


Any Help is appreciated,
Trevor Farren

 

[MattWray]

There is a problem with passwords between 2k and 98. Try installing DSCLIENT.EXE and see if that fixes it. And BTW, you don't forward port 47, that is a common mistake. Port 1723 is the only port you need to forward. The 47 is an IP protocol GRE, not a port. Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[tfccom]

Hey Matt,

I should have been more specific; the Windows 2000 Server is NOT an AD server, there is no domain, just a workgroup...sooooo would the Directory Services client help on the Win98 machines??

Also, I've heard alot about port 47 being a GRE something or other....

Is it a IP port, and what's a GRE, a UDP or A TCP port???

Thanks A Million,
Trevor Farren

 

[MattWray]

As for GRE, it is not a port at all. It is a protocol. Here is a link on GRE.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241251

DSCLIENT probably wouldn't do anything for you. Have you tried adding a password to the sharing of your drives as a temp fix... Maybe if you specify a password, windows will be forced to use it...
Will have to dig when I have some time.. Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[curious2]

I've encountered a similar problem connecting Windows 98 machines to a WinNT environment via VPN/RAS through a proxy server running Routing and Remote Access.

The problem with the Win9x machines is that they usually don't have the correct logon info that the WinNT/W2K environment is looking for.

Once you connect to the network through the VPN (with a remote Win9x machine), you are able to ping the other computers on the internal network using a Win9x machine, but you can't get to any of the network shares due to authentication issues. It is usually not a problem on a Win2K/XP/NT machine. I really don't believe your problem has anything to do with ports at this point.

To get around this, I had to change network properties on the remote Win9x machines that are trying to connect via VPN/RAS.

Under the remote Win9x machine VPN'ing to the office network, change the Workgroup and/or Domain Names to match the Workgroup and/or Domain names of the Windows 2000 server.

On the Win9x machine, after this step is done, you will have to reboot your machine. After rebooting, the Win9x machines will get a logon screen with either the workgroup or domain name in the logon screen. At this point, have the user on the remote Win9x machine try and log onto the machine just like he/she was in the office. When I mean just like in the office, I mean same username and same password as in the office workgroup/domain.

Since the remote Win9x machine is NOT currently connected to the office workgroup or domain, the system will give you an error message telling you that it cannot find or connect to the domain. No big deal. Just hit Okay and continue to log in. The username and password info of the workgroup/domain is associated with your remote Win9x machine at this point.

Once the system is up, go ahead and VPN into the remote network. Once connected, try connecting to the shares. You should be able to connect to the shares now.

Give it a go and let us know how it turns out. Good luck!

 

[lwinstead]

Curious2,

I've followed your instructions, and I already have the domain name setup the way you suggest, however, once I VPN into the network, I am not able to browse/connect to any resources on the network. The tunnel has been created, but I can't see anything on the network. I have the SafeNet client running on a Win98SE laptop, and the target network is a Win2k server, with various Win2k workstations. Any ideas??

-Lawrence <<<<[flux]>>>>

 

[tfccom]

Hey lwinstead,

I have resolved all of the problems I first had, and the fact that you can log on is definitly a step in the right direction. But the VPN server does not usually allow browsing inside the network, due to the lack of NetBEUI relaying. You need to enter your NET commnad at the DOS prompt to do the specific task... like to connect a net drive to you mahcine use NET USE x: \\servername\sharename, or for a printer or just about any kind of network drive, you can just specify the \\servername\share instead of browsing in any Windows wizards. To get the addresses in your network neighborhood (I'm assuming that your not using AD here), you need to add an LMHOSTS file or have a WINS or DNS server on your headend LAN.

Trevor Farren,
TFC Communications

 

[lwinstead]

Trever,

Thanks for the info. I'll have to try the NET command tonight. First, however, I have a few concerns:
The server here at work IS using AD. Secondly, do I have to do anything to the server for me to be able to make a VPN connection? I would have to say no, because we have a consultant who can flawlessly VPN onto our network and browse freely and I've never touched the server yet for remote access. Granted, in his case, he's got a router set to make a VPN connection to our router, so that when he boots his computer, its already there...

Also, I'd like to point out that I really don't know what I'm doing with the win2k server. I'm really only beginning to learn all about it... <<<<[flux]>>>>

 

[lwinstead]

Trevor,

Hello. I should have read your post more clearly. In fact, I -can't- logon to the server yet. I'm still stuck in the middle. Here's what I can do:
1)I can dial up to my ISP and get on the internet.
2)I can ping my 3Com Internet Firewall at work, which is VPN enabled, and thus make a VPN tunnel (presumably to the network at work... otherwise, its just to the Firewall, which I guess might be where my problems originate)
3) I'm stuck! From here, I can't see the remote network; I can't ping any machines on the network; I can't use the NET command for the remote network; I can't interact AT ALL with the remote network, even though I've made a VPN tunnel to [somewhere].

Please please please help me if you can. Its driving me nuts.
Thanks!
-Lawrence
<<<<[flux]>>>>

 

[MattWray]

What type of message are you seeing when you connect? Do you recieve the &quot;registering your computer on the network&quot;? Check in your server RRAS snap-in to see what kind of remote access you got. Is it possible to ask the consultant what he's done since you say he can connect. Maybe he can point you in the direction of what your missing... Matt Wray
CCNA, MCP
mwray77518@yahoo.com