
of XP Clients, PPTP, cached credentials, and finding domain controllers

Thomas Bianco
Honored Contributor

I've a hard one for you today.

Client is XP Pro SP2, a member of the domain, with a regular user who logs onto the machine and works from the LAN. The domain controller is a 2003 standard edition server. The file server is a 2003 storage appliance. The PPTP VPN server is FreeBSD, using RADIUS authentication.

The problem arises when the user takes his laptop out of the office and back home to his home wireless network. He can log into the laptop using cached credentials, and connect to the VPN with the same cached credentials. Once connected he can ping any number of servers, connect to web services, etc.

However, when he attempts to connect to shares on the file server, he receives a password prompt. When he attempts to enter his domain credentials, XP tells him that it matches his cached credentials and has already been tried, but a domain controller could not be found to authenticate. This same behavior occurs even when attempting to access shares ON THE DOMAIN CONTROLLER!

We have both DNS (hosted on the domain controller to support AD) and WINS (also on the domain controller) and both can be accessed properly through the VPN, have correct entries, etc.

Here's another interesting point: this user can take the same laptop, carry it into the building, connect to the LAN and function perfectly without changing anything. What am I missing?
There have been innumerable people who have helped me. Of course, I've managed to piss most of them off.
2 REPLIES
Ivan Ferreira
Honored Contributor

Re: of XP Clients, PPTP, cached credentials, and finding domain controllers

Try using netdiag to debug the problem:

netdiag /v /l /test:dsgetdc

You must install Windows XP Support Tools.

Resolve any DNS errors in the Netdiag.log file, created in the current folder.

Use nslookup to ensure that you can contact the DNS server.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Thomas Bianco
Honored Contributor

Re: of XP Clients, PPTP, cached credentials, and finding domain controllers

Found the solution with Ethereal about 5 hours ago, but I forgot to update this post. Sorry.

Fragmented packets were being tossed in the bin by the PPTP server.

Thank you for posting, though.
There have been innumerable people who have helped me. Of course, I've managed to piss most of them off.
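
An added example, not part of the thread or any poster's code: Python that compares raw IPv4 packets from two capture points (for instance the client's VPN interface and the LAN side of the PPTP server) and lists the fragmented datagrams that never arrive whole, the symptom described in the final reply. The capture points, function names and sample packets are assumptions; the packets are constructed and use documentation-range addresses.

```python
import struct

def frag_fields(pkt: bytes):
    """Return ((src, dst, ip_id), offset_bytes, more_fragments, payload_len)."""
    ver_ihl, _tos, total_len, ip_id, flags_frag = struct.unpack("!BBHHH", pkt[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    more = bool(flags_frag & 0x2000)      # MF (more fragments) flag
    offset = (flags_frag & 0x1FFF) * 8    # fragment offset is stored in 8-byte units
    return (pkt[12:16], pkt[16:20], ip_id), offset, more, total_len - ihl

def _complete(parts):
    """True if the fragments cover the datagram with no hole and the last one is present."""
    end, last_seen = 0, False
    for offset, length, more in sorted(parts):
        if offset > end:                  # hole: an earlier fragment is missing
            return False
        end = max(end, offset + length)
        last_seen = last_seen or not more
    return last_seen

def fragmented_datagrams(packets):
    """Map (src, dst, ip_id) -> whether every fragment of that datagram was captured."""
    groups = {}
    for pkt in packets:
        key, offset, more, length = frag_fields(pkt)
        if more or offset:                # unfragmented packets have MF=0 and offset 0
            groups.setdefault(key, []).append((offset, length, more))
    return {key: _complete(parts) for key, parts in groups.items()}

def lost_in_transit(sent, received):
    """IP IDs of fragmented datagrams in `sent` that cannot be reassembled from `received`."""
    arrived = fragmented_datagrams(received)
    return sorted(k[2] for k in fragmented_datagrams(sent) if not arrived.get(k, False))

def make_packet(ip_id, offset, more, payload_len,
                src=bytes([192, 0, 2, 10]), dst=bytes([198, 51, 100, 5])):
    """Build a constructed IPv4/UDP packet (checksum left at 0, payload zero-filled)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ip_id,
                         flags_frag, 64, 17, 0, src, dst)
    return header + bytes(payload_len)

# Constructed captures: small packets pass, fragments of datagrams 2 and 3 go missing.
CLIENT_SIDE = [make_packet(1, 0, False, 64),
               make_packet(2, 0, True, 1376), make_packet(2, 1376, False, 300),
               make_packet(3, 0, True, 1376), make_packet(3, 1376, False, 120)]
SERVER_SIDE = [make_packet(1, 0, False, 64), make_packet(3, 0, True, 1376)]

if __name__ == "__main__":
    print(lost_in_transit(CLIENT_SIDE, SERVER_SIDE))
```
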