Exchange/Cisco VPN client failing

DC Gringo

I have a WinXP Pro w/Outlook 2003 laptop trying to connect through a Cisco
VPN 4.0.5 to the Exchange server. This connection is initiated via a D-link
wireless access point. I seem to be having trouble resolving DNS, getting
through the firewall, or authenticating to the Exchange server. Outlook
gets stuck in "trying to connect". It only seems to be problematic from
this one location, so perhaps it's a firewall port I'm missing...although
I've followed all D-link instructions for enabling this Cisco client at
http://support.dlink.com/SupportFAQ/default.asp?model=DI-624

Closest I've come to solving this is the following KB article, which tells me
that MS04-11 update may create this problem, but I can't uninstall it as it
appears to have come with SP2 or another roll-up. I've tried the uninstall
switch, before and after trying to reinstall it alone:

http://support.microsoft.com/kb/891559

Here are my log entries:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for server
exchangeAB/HQ-MAIL-VS2.company.net. The failure code from authentication
protocol Kerberos was "No authority could be contacted for authentication.
(0x80090311)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The system failed to update and remove host (A) resource records (RRs) for
network adapter
with settings:

Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
Host Name : fnl-001
Primary Domain Suffix : company.net
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1
IP Address(es) :
10.0.30.120

The reason the update request failed was because of a system problem. For
specific error code, see the record data displayed below.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1e 25 00 00 .%..


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with the server
exchangeAB/hq-MAIL-VS2.company.net. No authentication protocol was
available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for server
exchangeMDB/hq-MAIL-VS2.company.net. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with the server
exchangeMDB/hq-MAIL-VS2.company.net. No authentication protocol was
available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
Shenan Stanley

DC said:
I have a WinXP Pro w/Outlook 2003 laptop trying to connect through
a Cisco VPN 4.0.5 to the Exchange server. This connection is
initiated via a D-link wireless access point. I seem to be having
trouble resolving DNS, getting through the firewall, or
authenticating to the Exchange server. Outlook gets stuck in
"trying to connect". It only seems to be problematic from this one
location, so perhaps it's a firewall port I'm missing...although
I've followed all D-link instructions for enabling this Cisco
client at
http://support.dlink.com/SupportFAQ/default.asp?model=DI-624
Closest I've come to solving this is the following KB article, which
tells me that MS04-11 update may create this problem, but I can't
uninstall it as it appears to have come with SP2 or another
roll-up. I've tried the uninstall switch, before and after trying
to reinstall it alone:
http://support.microsoft.com/kb/891559

Here are my log entries:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for
server exchangeAB/HQ-MAIL-VS2.company.net. The failure code from
authentication protocol Kerberos was "No authority could be
contacted for authentication. (0x80090311)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The system failed to update and remove host (A) resource records
(RRs) for network adapter
with settings:

Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
Host Name : fnl-001
Primary Domain Suffix : company.net
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1
IP Address(es) :
10.0.30.120

The reason the update request failed was because of a system
problem. For specific error code, see the record data displayed
below.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1e 25 00 00 .%..


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with
the server exchangeAB/hq-MAIL-VS2.company.net. No authentication
protocol was available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for
server exchangeMDB/hq-MAIL-VS2.company.net. The failure code from
authentication protocol Kerberos was "There are currently no logon
servers available to service the logon request.
(0xc000005e)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with
the server exchangeMDB/hq-MAIL-VS2.company.net. No authentication
protocol was available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For Exchange - I highly recommend RPC over HTTP.
 
Paul Adare

microsoft.public.security news group, Shenan Stanley
For Exchange - I highly recommend RPC over HTTP.

For a single line response - I highly recommend snipping. :)

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain
 
DC Gringo

Shenan,

Thanks for the response...could you explain a bit more? Is this a
client-side or server-side configuration?

_____
DC G
 
Kevin D. Goodknecht Sr. [MVP]

DC said:
Shenan,

Thanks for the response...could you explain a bit more? Is this a
client-side or server-side configuration?

RPC over HTTPS allows you to use Outlook 2003 with Exchange 2003 on Win2k3
(preferably SP1) without a VPN; it is done over the Internet using port 443.
You will need an SSL certificate, either from a public provider or from your
own Certificate Authority.
How to configure RPC over HTTP on a single server in Exchange Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401
 
DC Gringo

Kevin,

Thank you for the advice. Unfortunately, I don't believe our IT dept is
going to do that. I seem to have this problem only on this machine, behind
this firewall, while logged in with cached credentials. This and other
machines behind this firewall work with local credentials and this machine
works even with cached credentials without a firewall.

I'm inclined to think it's a firewall issue...

______
DC G
 
Kevin D. Goodknecht Sr. [MVP]

DC said:
Kevin,

Thank you for the advice. Unfortunately, I don't believe our IT dept
is going to do that. I seem to have this problem only on this
machine, behind this firewall, while logged in with cached
credentials. This and other machines behind this firewall work with
local credentials and this machine works even with cached credentials
without a firewall.

I'm inclined to think it's a firewall issue...

Or a routing issue... Are the VPN connection and the LAN connection on
different subnets?

In your original post you have this 11197 event:
Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
Host Name : fnl-001
Primary Domain Suffix : company.net
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1

What and where is the DNS at 10.1.1.1?

Have you tried changing the binding order?
Right click on Network Places, choose properties, in the Window that opens,
in the Advanced menu, select Advanced settings, move the VPN adapter to the
top of the connections pane.
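
The comparison made above on the 11197 event (a dynamic update sent to a server that is not in the adapter's DNS server list), together with the Kerberos failure codes from the 40960 events, as an added Python example that is not part of any poster's message. `split_events` and `triage` are hypothetical helper names, and the sample text is abridged from the events quoted in the first post.

```python
import re

# Sample input: abridged from the events quoted in the first post of the thread.
SAMPLE = """\
Event Type: Warning
Event Source: LSASRV
Event ID: 40960
The Security System detected an attempted downgrade attack for server
exchangeAB/HQ-MAIL-VS2.company.net. The failure code from authentication
protocol Kerberos was "No authority could be contacted for authentication.
(0x80090311)".

Event Type: Warning
Event Source: DnsApi
Event ID: 11197
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def split_events(text):
    """Split an event-log text export into one string per event."""
    return [e for e in re.split(r"(?m)^(?=Event Type:)", text) if e.strip()]

def triage(text):
    """Return (event_id, finding) tuples for the two patterns in this thread."""
    findings = []
    for ev in split_events(text):
        m = re.search(r"Event ID:\s*(\d+)", ev)
        eid = int(m.group(1)) if m else None
        if eid == 11197:  # DnsApi: dynamic update of the host (A) record failed
            servers = re.search(rf"DNS server list\s*:\s*((?:{IP}[,\s]*)+)", ev)
            target = re.search(rf"Sent update to server\s*:\s*({IP})", ev)
            if servers and target:
                configured = sorted(set(re.findall(IP, servers.group(1))))
                if target.group(1) not in configured:
                    findings.append((eid, f"update sent to {target.group(1)}, "
                                          f"not in DNS server list {configured}"))
        elif eid == 40960:  # LSASRV/SPNEGO: Kerberos failed for this SPN
            spn = re.search(r"for server\s+(\S+?)\.\s", ev)
            code = re.search(r"\((0x[0-9a-fA-F]{8})\)", ev)
            if spn and code:
                findings.append((eid, f"Kerberos to {spn.group(1)} failed "
                                      f"with {code.group(1)}"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
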
 
DC Gringo

Kevin,

Thank you for the response...

The DNS for the VPN is at the corporate HQ office. The DNS for the wireless
connection is Verizon's dynamically assigned.

The VPN is already first in the provider order. Now I'm having a problem
with losing my VPN connection after several seconds. Once connected, it's
kicking my wireless connection off.

_____
DC G
 
