|
||||||||
I've got an interesting issue with PPTP, perhaps someone has a resolution? Some of my users are complaining about PPTP connections from their work laptops. when a domain* member laptop connects to the PPTP vpn they can use web services, telnet, ping, RDP, and do almost everything except browse file shares. When attempting to use a file share, the laptop stalls for long periods and will eventually pop up a dialog asking for a username and password, and reporting that logon through Kerberos failed. By looking at a packet trace, I was able to see that the Kerberos requests are being fragmented and parts dropped somewhere. The server responds to each ticket request with an ICMP type 11 code 1, which is Fragment reassembly timeout. Microsoft seems to think it has something to do with this: http://support.microsoft.com/kb/292788 but the domain controller is 2003, and the client is XP, so that hotfix does not apply. I'm thinking the monowall might be the blocking entity here. Suggestions? *yes, this is a Microsoft Active Directory. now is the part of the show where you shoot at me for using Microsoft. ___________________________________________________________________________ Thomas M. Bianco Sr. Network Operations Technician |