I have a WinXP Pro w/Outlook 2003 laptop trying to connect through a Cisco
VPN 4.0.5 to the Exchange server. This connection is initiated via a D-link
wireless access point. I seem to be having trouble resolving DNS, getting
through the firewall, or authenticating to the Exchange server. Outlook
gets stuck in "trying to connect". It only seems to be problematic from
this one location, so perhaps it's a firewall port I'm missing...although
I've followed all D-link instructions for enabling this Cisco client at
http://support.dlink.com/SupportFAQ/default.asp?model=DI%2D624

The closest I've come to solving this is the following KB article, which
tells me that the MS04-11 update may create this problem, but I can't
uninstall it as it appears to have come with SP2 or another roll-up. I've
tried the uninstall switch, before and after trying to reinstall it alone:

http://support.microsoft.com/kb/891559

Here are my log entries:

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for server
exchangeAB/HQ-MAIL-VS2.company.net. The failure code from authentication
protocol Kerberos was "No authority could be contacted for authentication.
(0x80090311)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11197
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The system failed to update and remove host (A) resource records (RRs) for
network adapter
with settings:

Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
Host Name : fnl-001
Primary Domain Suffix : company.net
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1
IP Address(es) :
10.0.30.120

The reason the update request failed was because of a system problem. For
specific error code, see the record data displayed below.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1e 25 00 00 .%..


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:50 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with the server
exchangeAB/hq-MAIL-VS2.company.net. No authentication protocol was
available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System detected an attempted downgrade attack for server
exchangeMDB/hq-MAIL-VS2.company.net. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 5/13/2006
Time: 8:10:54 PM
User: N/A
Computer: FNL-001
Description:
The Security System could not establish a secured connection with the server
exchangeMDB/hq-MAIL-VS2.company.net. No authentication protocol was
available.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Re: Exchange/Cisco VPN client failing by Shenan

Shenan
Sun May 14 13:56:51 CDT 2006

DC Gringo wrote:
> I have a WinXP Pro w/Outlook 2003 laptop trying to connect through
> a Cisco VPN 4.0.5 to the Exchange server. This connection is
> initiated via a D-link wireless access point. I seem to be having
> trouble resolving DNS, getting through the firewall, or
> authenticating to the Exchange server. Outlook gets stuck in
> "trying to connect". It only seems to be problematic from this one
> location, so perhaps it's a firewall port I'm missing...although
> I've followed all D-link instructions for enabling this Cisco
> client at
> http://support.dlink.com/SupportFAQ/default.asp?model=DI%2D624
> Closest I've come to solving this is using the following KB article
> tells me that MS04-11 update may create this problem, but I can't
> uninstall it as it appears to have come with SP2 or another
> roll-up. I've tried the uninstall switch, before and after trying
> to reinstall it alone:
> http://support.microsoft.com/kb/891559
>
> Here are my log entries:
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 5/13/2006
> Time: 8:10:50 PM
> User: N/A
> Computer: FNL-001
> Description:
> The Security System detected an attempted downgrade attack for
> server exchangeAB/HQ-MAIL-VS2.company.net. The failure code from
> authentication protocol Kerberos was "No authority could be
> contacted for authentication. (0x80090311)".
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Warning
> Event Source: DnsApi
> Event Category: None
> Event ID: 11197
> Date: 5/13/2006
> Time: 8:10:50 PM
> User: N/A
> Computer: FNL-001
> Description:
> The system failed to update and remove host (A) resource records
> (RRs) for network adapter
> with settings:
>
> Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
> Host Name : fnl-001
> Primary Domain Suffix : company.net
> DNS server list :
> 10.0.0.15, 10.0.0.13
> Sent update to server : 10.1.1.1
> IP Address(es) :
> 10.0.30.120
>
> The reason the update request failed was because of a system
> problem. For specific error code, see the record data displayed
> below.
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 1e 25 00 00 .%..
>
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 5/13/2006
> Time: 8:10:50 PM
> User: N/A
> Computer: FNL-001
> Description:
> The Security System could not establish a secured connection with
> the server exchangeAB/hq-MAIL-VS2.company.net. No authentication
> protocol was available.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 5/13/2006
> Time: 8:10:54 PM
> User: N/A
> Computer: FNL-001
> Description:
> The Security System detected an attempted downgrade attack for
> server exchangeMDB/hq-MAIL-VS2.company.net. The failure code from
> authentication protocol Kerberos was "There are currently no logon
> servers available to service the logon request.
> (0xc000005e)".
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 5/13/2006
> Time: 8:10:54 PM
> User: N/A
> Computer: FNL-001
> Description:
> The Security System could not establish a secured connection with
> the server exchangeMDB/hq-MAIL-VS2.company.net. No authentication
> protocol was available.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

For Exchange - I highly recommend RPC over HTTP.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



Re: Exchange/Cisco VPN client failing by Paul

Paul
Sun May 14 14:05:28 CDT 2006

In article <#zvUqg4dGHA.4932@TK2MSFTNGP03.phx.gbl>, in the
microsoft.public.security news group, Shenan Stanley
<newshelper@gmail.com> says...

> For Exchange - I highly recommend RPC over HTTP.
>

For a single line response - I highly recommend snipping. :-)

--
Paul Adare - MVP Virtual Machines
"It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain

Re: Exchange/Cisco VPN client failing by DC

DC
Sun May 14 16:57:29 CDT 2006

Paul,

Thanks for the response...could you explain what you mean?

_____
DC G




Re: Exchange/Cisco VPN client failing by DC

DC
Sun May 14 16:57:57 CDT 2006

Shenan,

Thanks for the response...could you explain a bit more? Is this a
client-side or server-side configuration?

_____
DC G



Re: Exchange/Cisco VPN client failing by Kevin

Kevin
Sun May 14 23:19:59 CDT 2006

DC Gringo wrote:
> Shenan,
>
> Thanks for the response...could you explain a bit more? Is this a
> client-side or server-side configuration?

RPC over HTTPS allows you to use Outlook 2003 with Exchange 2003 on Win2k3
(preferably SP1) without a VPN; it is done over the Internet using port 443.
You will need an SSL certificate, either from a public provider or from your
own Certificate Authority.
How to configure RPC over HTTP on a single server in Exchange Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================



Re: Exchange/Cisco VPN client failing by DC

DC
Mon May 15 06:59:12 CDT 2006

Kevin,

Thank you for the advice. Unfortunately, I don't believe our IT dept is
going to do that. I seem to have this problem only on this machine, behind
this firewall, while logged in with cached credentials. This and other
machines behind this firewall work with local credentials and this machine
works even with cached credentials without a firewall.

I'm inclined to think it's a firewall issue...

______
DC G




Re: Exchange/Cisco VPN client failing by Kevin

Kevin
Mon May 15 07:37:55 CDT 2006

DC Gringo wrote:
> Kevin,
>
> Thank you for the advice. Unfortunately, I don't believe our IT dept
> is going to do that. I seem to have this problem only on this
> machine, behind this firewall, while logged in with cached
> credentials. This and other machines behind this firewall work with
> local credentials and this machine works even with cached credentials
> without a firewall.
>
> I'm inclined to think it's a firewall issue...
Or a routing issue... Are the VPN connection and the LAN connection on
different subnets?

In your original post you have this 11197 event:
> Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
> Host Name : fnl-001
> Primary Domain Suffix : company.net
> DNS server list :
> 10.0.0.15, 10.0.0.13
> Sent update to server : 10.1.1.1
What and where is the DNS at 10.1.1.1?

Have you tried changing the binding order?
Right-click on Network Places and choose Properties. In the window that
opens, open the Advanced menu, select Advanced Settings, and move the VPN
adapter to the top of the Connections pane.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
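
Added example (not part of any poster's message): a small parser for the DnsApi 11197 event text quoted in this thread. It reads the "Data:" bytes as a little-endian DWORD Win32 error code and checks whether the server the dynamic update was sent to appears in the adapter's configured DNS server list. The function and variable names are hypothetical; the sample is the event text from the original post.

```python
import ipaddress
import re
import struct

# Sample input: the DnsApi 11197 description as pasted in the original post.
EVENT_11197 = """\
Adapter Name : {C8886BF1-FC23-4B35-93B8-C435EADD2B02}
Host Name : fnl-001
Primary Domain Suffix : company.net
DNS server list :
10.0.0.15, 10.0.0.13
Sent update to server : 10.1.1.1
IP Address(es) :
10.0.30.120
Data:
0000: 1e 25 00 00 .%..
"""

# Win32 DNS packet-format error codes from winerror.h (9501-9505 only).
DNS_ERRORS = {
    9501: "DNS_INFO_NO_RECORDS",
    9502: "DNS_ERROR_BAD_PACKET",
    9503: "DNS_ERROR_NO_PACKET",
    9504: "DNS_ERROR_RCODE",
    9505: "DNS_ERROR_UNSECURE_PACKET",
}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_event(text):
    """Parse one 11197 description; return its fields plus two derived checks."""

    def addresses(label):
        # The value may sit on the label's own line or on the line below it.
        m = re.search(re.escape(label) + r"\s*:\s*(.*)", text)
        found = re.findall(IPV4, m.group(1)) if m else []
        return [ipaddress.ip_address(a) for a in found]

    servers = addresses("DNS server list")
    targets = addresses("Sent update to server")
    target = targets[0] if targets else None

    # Event record data: four bytes, interpreted as a little-endian DWORD.
    raw = re.search(r"^0000:((?:\s+[0-9a-fA-F]{2}){4})", text, re.M)
    code = struct.unpack("<I", bytes.fromhex(raw.group(1)))[0] if raw else None

    return {
        "dns_servers": servers,
        "update_target": target,
        "host_addresses": addresses("IP Address(es)"),
        "error_code": code,
        "error_name": DNS_ERRORS.get(code, "unknown"),
        # False means the update went to a server the adapter is not
        # configured to query, so reachability of that server over the
        # current path has to be checked separately.
        "target_in_list": target in servers if target else None,
    }


if __name__ == "__main__":
    for key, value in parse_event(EVENT_11197).items():
        print(f"{key}: {value}")
```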



Re: Exchange/Cisco VPN client failing by DC

DC
Mon May 15 08:58:30 CDT 2006

Kevin,

Thank you for the response...

The DNS for the VPN is at the corporate HQ office. The DNS for the wireless
connection is Verizon's dynamically assigned.

The VPN is already first in the provider order. Now I'm having a problem
with losing my VPN connection after several seconds. Once connected, it's
kicking my wireless connection off.

_____
DC G



Re: Exchange/Cisco VPN client failing by confusedatwork

confusedatwork
Mon May 15 09:36:02 CDT 2006

Have you tried using the latest VPN client from Cisco? I believe it is now
4.8.