SSL Domain stripping

Unanswered Question
Mar 31st, 2007

I have a VPN 3005 setup to allow the SSL client login. 2 weeks ago we started having trouble with Outlook. The SSL clients authenticate and establish the tunnel just fine. When they try to start Outlook they get a message stating that the server is unavailable. Looking at the Exchange log, it seems like the domain is being stripped before being passed to the domain controller. I tried turning the strip domain option off in the concentrator, but still had the same problem. The full VPN clients are working just fine. The issue only seems to affect the SSL client. Does anyone have any idea what the problem might be?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Thu, 04/05/2007 - 10:18

I think the problem you are facing is related to older version and this problem is fixed in version 4.0.3a or later. If the software version is fine then check if you have assigned ip addresses to assign the SSL Clients.

ogitf1717 Fri, 04/06/2007 - 07:34

I am running version 4.7.2.J on the concentrator, which is a model 3005. I'm not sure what you mean about the ip addresses. The clients get assigned an address from a pool in the concentrator, and the there is no assignment in the user setup tab. Something else we found out, if the full client is installed, the SSL client works. If we remove the full client, it stops.

ogitf1717 Fri, 04/06/2007 - 10:56

It appears that Kerberos UDP packets are getting lost on the way back to the workstation. I can see them leaving the server and going to the concentrator in a network trace, but the workstation is not seeing them. I followed the Microsoft link below to force Kerberos to use TCP, and can now connect just fine.


This Discussion