You May Not Be Able to Log On to the Domain with VPN If a Winsock Proxy Is Enabled

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q317506
This article has been archived. It is offered "as is" and will no longer be updated.
You may not be able to log on to your domain by using a virtual private network (VPN) if you have the Microsoft Proxy 2.0 client or the Microsoft Internet Security and Acceleration (ISA) Server 2000 client installed, and the proxy server can be reached only by using the VPN connection.

This behavior occurs only if you refer to the VPN server by a Domain Name System (DNS) name instead of by the IP address when you create the VPN connection.
Typically, the DNS server's IP address is not contained in the client computer's local address table (LAT). When the client computer tries to resolve the IP address for the VPN server, the client sends the name-resolution request to the proxy server. Because the client cannot reach the proxy server before the VPN connection is established, the name resolution for the VPN server times out.
To change this behavior, add the following lines to the master copy of the Mspclnt.ini file on the server that is running Proxy Server 2.0 or ISA Server 2000:
This behavior is by design.
Note that the resolution that is described in this article prevents Svchost from accessing the external network through a Winsock proxy. Therefore, the following services that are hosted by Svchost do not use a Winsock proxy and users can log on:
Remote Procedure Call (RPC)
Windows Audio
Background Intelligent Transfer Service
Computer Browser
Cryptographic Service
DHCP Client
Logical Disk Manager
Error Reporting Service
COM+ Event System
Network Connections
Network Location Awareness
Remote Access Connection Manager
Task Scheduler
Secondary Logon
System Event Notification
Shell Hardware Detection
System Restore Service
Terminal Services
Distributed Link Tracking Client
Upload Manager
Windows Time
Windows Management Instrumentation
Portable Media Serial Number
Automatic Update
Wireless Zero Configuration
DNS Client
Remote Registry
SSDP Discovery Service

Article ID: 317506 - Last Review: 01/11/2015 04:33:52 - Revision: 1.2

  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
  • Microsoft Proxy Server 2.0 Standard Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • kbnosurvey kbarchive kbenv kbnetwork kbprb KB317506