[vpn-help] Upgraded to Windows 10, Outlook 2010 no longer connects
Mark A. Sibert
marksibert at gmail.com
Thu Aug 13 07:39:17 CDT 2015
Okay - I did some more research, and now have a workaround.
The configurations I was using in Shrew all work now, with no modification
from how they were set up prior to upgrading Windows. My ethernet adapter
configuration is now the same as it was before I upgraded Windows. (I
changed the DNS settings back.)
When I connect or disconnect the VPN, I run the following batch file (as an
Administrator) to change the DNS settings of my ethernet adapter. My home
DNS settings use 4.2.2.1 and 4.2.2.3. "10.x.x.x" and "10.y.y.y" should be
replaced with VPN servers to be used when connected.
Obviously, this will have to change if I'm connected over wifi, etc. Just
wanted to post my results in case anyone else found them useful.
@echo off
if "%~1"=="home" goto FIXHOME
if "%~1"=="vpn" goto FIXVPN
goto USAGE
:FIXHOME
netsh dnsclient delete dnsservers "Ethernet 3" all
netsh interface ipv4 add dnsserver "Ethernet 3" 4.2.2.1
netsh interface ipv4 add dnsserver "Ethernet 3" 4.2.2.3
goto FLUSH
:FIXVPN
netsh dnsclient delete dnsservers "Ethernet 3" all
netsh interface ipv4 add dnsserver "Ethernet 3" 10.x.x.x
netsh interface ipv4 add dnsserver "Ethernet 3" 10.y.y.y
goto FLUSH
:FLUSH
ipconfig /flushdns
goto DONE
:USAGE
echo.
echo Usage: fixdns [home | vpn]
echo.
goto DONE
:DONE
On Wed, Aug 12, 2015 at 10:30 AM, Mark A. Sibert <marksibert at gmail.com>
wrote:
> Okay - the experiment worked.
>
> In my ethernet adapter settings, I manually configured DNS and set it to
> the same servers that the VPN uses. I removed the DNS entry for my ISP. I
> added the hostname for my vpn server to my hosts file, so that Shrew could
> connect to it.
>
> Once the connection is established, Outlook works, as well as all of the
> other internal websites.
>
> I tried adding my ISP's dns server to the end of the list, but that causes
> the internal hostnames to resolve incorrectly. The corporate dns server
> seems to be slow enough that my ISP's dns server is answering first with
> the incorrect address.
>
> So, routing is definitely correct. This is definitely a dns issue. I did
> try installing the "pay" version of Shrew, and selected "split dns" - but
> it didn't work.
>
> Is there a script I could run after connecting to fix the dns? "ipconfig"
> doesn't seem to have any option to remove a dns server.
>
> On Wed, Aug 12, 2015 at 9:49 AM, Mark A. Sibert <marksibert at gmail.com>
> wrote:
>
>> Oh - and I did try changing all of the Shrew executables to "run as
>> administrator", and even set them to run in compatibility mode for Windows
>> 7. (Applied settings for all users.) It didn't make a difference.
>>
>> On Wed, Aug 12, 2015 at 9:48 AM, Mark A. Sibert <marksibert at gmail.com>
>> wrote:
>>
>>> Okay - a little more digging and David's theory about it being a DNS
>>> issue is looking more and more likely.
>>>
>>> I flushed the DNS cache and was unable to resolve any internal addresses
>>> when connected via Shrew. So it's not just the Exchange server. Actually,
>>> the hostnames *did* resolve, but they resolved to different ip addresses!
>>>
>>> Next experiment (for later today) - take my home dns server out of the
>>> config and add the vpn's dns entries to my ethernet adapter's config. I'll
>>> have to add the ip address of the vpn server to my hosts file, since I
>>> won't have dns until I'm connected.
>>>
>>>
>>> On Sat, Aug 8, 2015 at 4:57 PM, Mark A. Sibert <marksibert at gmail.com>
>>> wrote:
>>>
>>>> Thanks Nigel. Thanks David.
>>>>
>>>> DNS *seems* to be working fine. Internal and external addresses both
>>>> resolve after the connection is established.
>>>>
>>>> The browser error (IE and Chrome) that I get when trying to connect to
>>>> OWA (Outlook Web Access) is: "Error Code: 403 Forbidden. The server denied
>>>> the specified Uniform Resource Locator (URL). Contact the server
>>>> administrator. (12202)" I just tried running in an incognito windows, with
>>>> the same result. So cache/cookies/plugins aren't the issue.
>>>>
>>>> I'm using the same Shrew configuration that worked in Windows 7/8/8.1.
>>>> (So nothing has changed there.) Both Outlook and OWA work fine when I
>>>> connect with the Cisco VPN client.
>>>>
>>>> I have included the output of "route print" for Shrew and Cisco below,
>>>> in case that sparks some ideas. (192.168.77.* is my local network,
>>>> 10.63.*.* is the VPN.) 192.168.77.15 is my wired ethernet address.
>>>> Obviously, my vpn address changed when I disconnected Shrew and reconnected
>>>> with AnyConnect.
>>>>
>>>> There appear to be some notable differences in the routing tables,
>>>> though. The one difference that stands out is:
>>>>
>>>> 0.0.0.0 0.0.0.0 On-link 10.63.238.73
>>>> 31 (Shrew)
>>>> 0.0.0.0 0.0.0.0 10.63.232.1 10.63.238.13
>>>> 2 (Cisco)
>>>>
>>>> I don't know if that's the issue or not... Any ideas?
>>>>
>>>> - Mark
>>>>
>>>>
>>>> No VPN:
>>>> IPv4 Route Table
>>>>
>>>> ===========================================================================
>>>> Active Routes:
>>>> Network Destination Netmask Gateway Interface
>>>> Metric
>>>> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15
>>>> 10
>>>> 127.0.0.0 255.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 127.0.0.1 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 127.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 192.168.77.0 255.255.255.0 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.15 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 224.0.0.0 240.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 224.0.0.0 240.0.0.0 On-link 192.168.77.15
>>>> 266
>>>> 255.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 255.255.255.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>>
>>>> ===========================================================================
>>>>
>>>> Shrew Soft VPN 2.2.2:
>>>> IPv4 Route Table
>>>>
>>>> ===========================================================================
>>>> Active Routes:
>>>> Network Destination Netmask Gateway Interface
>>>> Metric
>>>> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15
>>>> 110
>>>> 0.0.0.0 0.0.0.0 On-link 10.63.238.73
>>>> 31
>>>> 8.19.201.0 255.255.255.0 192.168.77.1 192.168.77.15
>>>> 11
>>>> 10.63.232.0 255.255.248.0 On-link 10.63.238.73
>>>> 286
>>>> 10.63.238.73 255.255.255.255 On-link 10.63.238.73
>>>> 286
>>>> 10.63.239.255 255.255.255.255 On-link 10.63.238.73
>>>> 286
>>>> 127.0.0.0 255.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 127.0.0.1 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 127.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 192.168.77.0 255.255.255.0 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.15 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 216.240.30.37 255.255.255.255 192.168.77.1 192.168.77.15
>>>> 11
>>>> 224.0.0.0 240.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 224.0.0.0 240.0.0.0 On-link 192.168.77.15
>>>> 266
>>>> 224.0.0.0 240.0.0.0 On-link 10.63.238.73
>>>> 286
>>>> 255.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 255.255.255.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 255.255.255.255 255.255.255.255 On-link 10.63.238.73
>>>> 286
>>>>
>>>> ===========================================================================
>>>>
>>>> And with Cisco Anyconnect:
>>>> IPv4 Route Table
>>>>
>>>> ===========================================================================
>>>> Active Routes:
>>>> Network Destination Netmask Gateway Interface
>>>> Metric
>>>> 0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.15
>>>> 10
>>>> 0.0.0.0 0.0.0.0 10.63.232.1 10.63.238.13
>>>> 2
>>>> 8.19.201.0 255.255.255.0 192.168.77.1 192.168.77.15
>>>> 10
>>>> 10.63.232.0 255.255.248.0 On-link 10.63.238.13
>>>> 257
>>>> 10.63.238.13 255.255.255.255 On-link 10.63.238.13
>>>> 257
>>>> 10.63.239.255 255.255.255.255 On-link 10.63.238.13
>>>> 257
>>>> 127.0.0.0 255.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 127.0.0.1 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 127.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 192.168.77.0 255.255.255.0 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.1 255.255.255.255 On-link 192.168.77.15
>>>> 11
>>>> 192.168.77.15 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 192.168.77.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 216.240.30.37 255.255.255.255 192.168.77.1 192.168.77.15
>>>> 11
>>>> 224.0.0.0 240.0.0.0 On-link 127.0.0.1
>>>> 306
>>>> 224.0.0.0 240.0.0.0 On-link 192.168.77.15
>>>> 266
>>>> 224.0.0.0 240.0.0.0 On-link 10.63.238.13
>>>> 257
>>>> 255.255.255.255 255.255.255.255 On-link 127.0.0.1
>>>> 306
>>>> 255.255.255.255 255.255.255.255 On-link 192.168.77.15
>>>> 266
>>>> 255.255.255.255 255.255.255.255 On-link 10.63.238.13
>>>> 257
>>>>
>>>> ===========================================================================
>>>>
>>>>
>>>> On Sat, Aug 8, 2015 at 9:38 AM, David A. Esquivel <dae at qcapital.com>
>>>> wrote:
>>>>
>>>>> Sounds like a DNS issue. Any Connect does split DNS by default. WIN
>>>>> 10 may have a security issue preventing Shrew from changing your DNS. Have
>>>>> you tried "Run as Administrator"?
>>>>>
>>>>>
>>>>>
>>>>> Sent from my T-Mobile 4G LTE Device
>>>>>
>>>>>
>>>>> -------- Original message --------
>>>>> From: "Mark A. Sibert" <marksibert at gmail.com>
>>>>> Date: 08/07/2015 23:20 (GMT-05:00)
>>>>> To: vpn-help at lists.shrew.net
>>>>> Subject: [vpn-help] Upgraded to Windows 10, Outlook 2010 no longer
>>>>> connects
>>>>>
>>>>> So here's a weird problem...
>>>>>
>>>>> I have Shrew 2.2.2 (x64) installed. Prior to upgrading to Windows 10,
>>>>> everything worked.
>>>>>
>>>>> After upgrading to Windows 10, Outlook 2010 will no longer connect to
>>>>> the Exchange server. It's worth noting that I have to be on VPN to connect
>>>>> to Exchange. No outside access is allowed. Outlook Web Access also does
>>>>> not work, so it seems to be a routing issue, and not an Outlook issue.
>>>>>
>>>>> When I connect using the Cisco Anyconnect client, Outlook 2010 works.
>>>>> OWA works too.
>>>>>
>>>>> I tried 2 different configurations in Shrew. In one of them, I had it
>>>>> obtain the topology from the server and tunnel everything. In the other
>>>>> config, I copied the routing information that was displayed in Anyconnect.
>>>>> That tunneled everything but excluded my 192.* network and one other
>>>>> network. The behavior was the same in both cases.
>>>>>
>>>>> I can access internal web pages while on the VPN, so the connection is
>>>>> definitely established and some things are being routed.
>>>>>
>>>>> Has anyone else run into this, or know what might be happening? I
>>>>> tried reinstalling Shrew 2.2.2. I also tried the instructions at
>>>>> http://www.ruudborst.nl/shrewsoft-vpn-filter-blocks-traffic-on-windows-10/
>>>>> but it didn't help.
>>>>>
>>>>> Any help is appreciated! Thanks!!
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150813/39e5ba33/attachment-0001.html>
More information about the vpn-help
mailing list