Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
3
Replies

SSL Domain stripping

ogitf1717
Level 1
Level 1

‎03-31-2007 02:53 PM - edited ‎03-09-2019 05:42 PM

I have a VPN 3005 setup to allow the SSL client login. 2 weeks ago we started having trouble with Outlook. The SSL clients authenticate and establish the tunnel just fine. When they try to start Outlook they get a message stating that the server is unavailable. Looking at the Exchange log, it seems like the domain is being stripped before being passed to the domain controller. I tried turning the strip domain option off in the concentrator, but still had the same problem. The full VPN clients are working just fine. The issue only seems to affect the SSL client. Does anyone have any idea what the problem might be?

Labels:
0 Helpful
3 Replies 3

bwilmoth
Level 5
Level 5

‎04-05-2007 10:18 AM

I think the problem you are facing is related to older version and this problem is fixed in version 4.0.3a or later. If the software version is fine then check if you have assigned ip addresses to assign the SSL Clients.

0 Helpful

ogitf1717
Level 1
Level 1
In response to bwilmoth

‎04-06-2007 07:34 AM

I am running version 4.7.2.J on the concentrator, which is a model 3005. I'm not sure what you mean about the ip addresses. The clients get assigned an address from a pool in the concentrator, and the there is no assignment in the user setup tab. Something else we found out, if the full client is installed, the SSL client works. If we remove the full client, it stops.

0 Helpful

ogitf1717
Level 1
Level 1
In response to ogitf1717

‎04-06-2007 10:56 AM

It appears that Kerberos UDP packets are getting lost on the way back to the workstation. I can see them leaving the server and going to the concentrator in a network trace, but the workstation is not seeing them. I followed the Microsoft link below to force Kerberos to use TCP, and can now connect just fine.

http://support.microsoft.com/?id=244474

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents