Windows XP domain comms error

[Guest]

Hey all, not 100% that this is in the right place, mods please move if
incorrect.

I have a couple of users reporting that they are unable to access domain
resources while using VPN over 3G.

I can see no real reason for this, there are other people who can use 3G
fine and the users in question are able to connect via VPN using other
networks and it's OK.... Only on 3G or GPRS.

There are a number of LsaSrv errors 40960 and 40961 - namely the Downgrade
Attack error when the users try to make their domain authentication requests.

Basic network checks are fine, PING etc work and the users authenticate with
VPN.

Anyone got any clues? I'm at my wits end and the rest of the web is useless!

Mallie

 

[Guest]

VPN (in the original sense) requires a special protocol (Protocol number 47,
IIRC) and will not connect over networks that only pass TCP or UDP packets.
This might possibly explain a situation where it works over some mobile
carriers, and not others.

There are also a number of issues with NAT routers (at either end) and VPN.
In general, secure tunneling via a TCP port is much easier to setup and use,
which is why a lot of sites are going that way.

 

[Guest]

Hi, thanks for your reply but we've covered these bases.

The issue is not with the carrier, as all the connections are through 1
mobile network - Vodafone UK. The tunnel is not the problem, as I mentioned
it connects and basic network tasks work (ping, trace route etc).

Any other ideas?