VPN over an ISA server: some users can access resources on servers, others can't.

[Starriol]

Good morning guys.
We are having a weird problem in our network.
It's a Windows domain, running on 2 Windows 2003 domain servers. We have around 10 other servers, including an ISA server, all part of the domain.

The weird problem is that the VPN we have established with an ISA 2004 server, running it over PPTP, doesn't seem to work OK with some users.
The problem is that the users CAN connect to the VPN but can access resources on servers.

For example, some users can't do a \\servername, because they end up with an error saying "cannot find the network resource" or something like that. Even when added to the Domain admins security group.
But if I use another user (working ok) at the same location, will work OK.

The weird thing is that some users can access half the resources over the network.

For example, will work OK with some servers, but others can't be connected via Terminal Server Client, nor get a folder list with \\servername, but another user can work with that perfectly.

The same thing happens when copying the security groups from a user that works OK to the problematic one.

I'm lost here...

 

[Starriol]

It's not DNS related... I can't connect via IP address to network shares either, with the user with problems.

It's the exact same config except the user; did an IPCONFIG /ALL, all the same, except client IP.
Same windows user, same network...

 

[Party2go9820]

If its got the same IP settings, then check your AD group memebership/permissions. One of the nicest things about ISA is that it can check against active directory user for firewall permissions.

 

[Starriol]

The problem was that there was a rule in ISA server that routed the traffic coming from VPN clients under an specific group name.

Thanks for the ideas guys!