Article ID: 317506 - Last Review: October 27, 2006 - Revision: 1.2

You May Not Be Able to Log On to the Domain with VPN If a Winsock Proxy Is Enabled

View products that this article applies to.
This article was previously published under Q317506
Expand all | Collapse all

SYMPTOMS

You may not be able to log on to your domain by using a virtual private network (VPN) if you have the Microsoft Proxy 2.0 client or the Microsoft Internet Security and Acceleration (ISA) Server 2000 client installed, and the proxy server can be reached only by using the VPN connection.

This behavior occurs only if you refer to the VPN server by a Domain Name System (DNS) name instead of by the IP address when you create the VPN connection.
Back to the top

CAUSE

Typically, the DNS server's IP address is not contained in the client computer's local address table (LAT). When the client computer tries to resolve the IP address for the VPN server, the client sends the name-resolution request to the proxy server. Because the client cannot reach the proxy server before the VPN connection is established, the name resolution for the VPN server times out.
Back to the top

RESOLUTION

To change this behavior, add the following lines to the master copy of the Mspclnt.ini file on the server that is running Proxy Server 2.0 or ISA Server 2000:
[svchost]
Disable=1
Back to the top

STATUS

This behavior is by design.
Back to the top

MORE INFORMATION

Note that the resolution that is described in this article prevents Svchost from accessing the external network through a Winsock proxy. Therefore, the following services that are hosted by Svchost do not use a Winsock proxy and users can log on:
Remote Procedure Call (RPC)
Windows Audio
Background Intelligent Transfer Service
Computer Browser
Cryptographic Service
DHCP Client
Logical Disk Manager
Error Reporting Service
COM+ Event System
Server
Workstation
Messenger
Network Connections
Network Location Awareness
Remote Access Connection Manager
Task Scheduler
Secondary Logon
System Event Notification
Shell Hardware Detection
System Restore Service
Telephony
Terminal Services
Themes
Distributed Link Tracking Client
Upload Manager
Windows Time
Windows Management Instrumentation
Portable Media Serial Number
Automatic Update
Wireless Zero Configuration
DNS Client
TCP/IP NetBIOS Helper
Remote Registry
SSDP Discovery Service
WebClient
Back to the top
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
  • Microsoft Proxy Server 2.0 Standard Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
Back to the top
Keywords: 
kbenv kbnetwork kbprb KB317506
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations