Microsoft KB Archive/317506

= You May Not Be Able to Log On to the Domain with VPN If a Winsock Proxy Is Enabled =

Article ID: 317506

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Proxy Server 2.0 Standard Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition

-



This article was previously published under Q317506



SYMPTOMS
You may not be able to log on to your domain by using a virtual private network (VPN) if you have the Microsoft Proxy 2.0 client or the Microsoft Internet Security and Acceleration (ISA) Server 2000 client installed, and the proxy server can be reached only by using the VPN connection.

This behavior occurs only if you refer to the VPN server by a Domain Name System (DNS) name instead of by the IP address when you create the VPN connection.



CAUSE
Typically, the DNS server's IP address is not contained in the client computer's local address table (LAT). When the client computer tries to resolve the IP address for the VPN server, the client sends the name-resolution request to the proxy server. Because the client cannot reach the proxy server before the VPN connection is established, the name resolution for the VPN server times out.



RESOLUTION
To change this behavior, add the following lines to the master copy of the Mspclnt.ini file on the server that is running Proxy Server 2.0 or ISA Server 2000:

[svchost]

Disable=1



STATUS
This behavior is by design.



MORE INFORMATION
Note that the resolution that is described in this article prevents Svchost from accessing the external network through a Winsock proxy. Therefore, the following services that are hosted by Svchost do not use a Winsock proxy and users can log on:

Remote Procedure Call (RPC)

Windows Audio

Background Intelligent Transfer Service

Computer Browser

Cryptographic Service

DHCP Client

Logical Disk Manager

Error Reporting Service

COM+ Event System

Server

Workstation

Messenger

Network Connections

Network Location Awareness

Remote Access Connection Manager

Task Scheduler

Secondary Logon

System Event Notification

Shell Hardware Detection

System Restore Service

Telephony

Terminal Services

Themes

Distributed Link Tracking Client

Upload Manager

Windows Time

Windows Management Instrumentation

Portable Media Serial Number

Automatic Update

Wireless Zero Configuration

DNS Client

TCP/IP NetBIOS Helper

Remote Registry

SSDP Discovery Service

WebClient

Keywords: kbenv kbnetwork kbprb KB317506

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.