I have a WM 6.1 device, and can browse the Internet without problem. I then used MDM to enroll the device to my domain. This proceeded without problem and my device is now joined to the domain, and connected through the MDM VPN. Exchange ActiveSync email works fine over the VPN connection.
But now I cannot browse from the device. If I go to either an Internet or intranet site, I get this message:
"Your Internet connection is not configured properly. Please verify your settings in Connections."
If I disable the VPN connection, I can once again brows the Internet without problems.
I don't know what settings to modify... any suggestions?
Thanks,
Robert O'Hara
Can't browse with VPN enabled
June 18th, 2008 12:29am
And you've double-checked that the settings for the VPN clients are correct? The right gateway, the right DNS server, etc... When VPN is enabled all traffic is tunneled through the VPN connection, so since the device is able to access the internet through your operators GW/DNS it seems to be some issue with the config or the network.
Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? Are there any proxies in use on the LAN that must be configured for internet access? You could also try to download vxUtils and try ping/tracert/dns-lookups from the device.
Also try to ping your device to see if it's reachable; it was reported in another thread that a ping was sometimes needed to "trigger" communication. And these are regular devices connecting through GPRS/3G and not emulator or WiFi or a different type of carrier?
Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? Are there any proxies in use on the LAN that must be configured for internet access? You could also try to download vxUtils and try ping/tracert/dns-lookups from the device.
Also try to ping your device to see if it's reachable; it was reported in another thread that a ping was sometimes needed to "trigger" communication. And these are regular devices connecting through GPRS/3G and not emulator or WiFi or a different type of carrier?
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2008 12:47am
Andreas,
Thanks for your quick response. I am using a "real" WM 6.1 device over AT&T's 3G network.
I believe all of the VPN settings are correct. I should note that I have a second device, same as the first, that browses fine through the VPN. The difference is that I recently wiped the problem device and just re-enrolled in the domain. This says to me the server setup is fundamentally OK.
What I find curious is that when on the device I go to a web page, no traffic arrives at the server (watching on Wireshark). So this says to me the problem is on the client.
But at this point I am still stuck.
I did not know that Windows Mobile responds to a ping... is this true? My WM 6.0 device does not...
Thanks, Bob O'Hara
June 18th, 2008 1:32am
HiRobert,
When you reset the device, it might have gone to IMS.cingular for the APN, I know that I have an AT&T Tilt that does that on the build I'm on with that device. I'd take a look at that.
If that is not the problem, I think that this usually resolves to a DNS lookup issue. I'm not positive, but I believe that if it can't get to a DNS server,Pocket IEwill throw this error. If this is the case, you will not see packets getting to your DNS server.
And yes, you can ping a 6.1 device. Once it is connected to the gateway you should be able to ping it from any server you expect that device to communicate with (i.e. Device Mgmt server, Proxy, Exchange, LOB, etc. [ I guess that LOB = etc.])
Here's a shameless plug: If you are working on getting devices communicating through an MDM installation, you should go to tools.enterprisemobile.com and pick up our IP Utility. It will show the IP on the device - on any interface VPN included, allow you to run ping from the device, traceroute from the device,renew DHCP settings on the device, along with the ability to do a ping sweep, all with logging. My favorite feature? That it runs on any 6.1 device (it will run on other devices 5.0 w/.Net CF 2.0 and 6.0 devices, but all we care about here are 6.1, right?). And when you get the system functional, you can come back for the CAB signing tool that eases the cab signing that is required by MDM.
With that and the resource kit tools (especially the VPN Diagnostic, and Connect Now - under client tools) you will be much better armed when you start getting a system up-and-running.
Mark Riley - Enterprise Mobile
When you reset the device, it might have gone to IMS.cingular for the APN, I know that I have an AT&T Tilt that does that on the build I'm on with that device. I'd take a look at that.
If that is not the problem, I think that this usually resolves to a DNS lookup issue. I'm not positive, but I believe that if it can't get to a DNS server,Pocket IEwill throw this error. If this is the case, you will not see packets getting to your DNS server.
And yes, you can ping a 6.1 device. Once it is connected to the gateway you should be able to ping it from any server you expect that device to communicate with (i.e. Device Mgmt server, Proxy, Exchange, LOB, etc. [ I guess that LOB = etc.])
Here's a shameless plug: If you are working on getting devices communicating through an MDM installation, you should go to tools.enterprisemobile.com and pick up our IP Utility. It will show the IP on the device - on any interface VPN included, allow you to run ping from the device, traceroute from the device,renew DHCP settings on the device, along with the ability to do a ping sweep, all with logging. My favorite feature? That it runs on any 6.1 device (it will run on other devices 5.0 w/.Net CF 2.0 and 6.0 devices, but all we care about here are 6.1, right?). And when you get the system functional, you can come back for the CAB signing tool that eases the cab signing that is required by MDM.
With that and the resource kit tools (especially the VPN Diagnostic, and Connect Now - under client tools) you will be much better armed when you start getting a system up-and-running.
Mark Riley - Enterprise Mobile
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2008 2:50am
Mark,
Thanks for the shameless plug! Your IP utility is great. I can indeed ping the device from within the domain.
It turns out the problem was within IE: its connection had defaulted to "WAP". I changed it to "Work" and, like the name says, it now works :-)
Bob O'Hara
June 18th, 2008 9:59pm
Hi Andreas,
Can you enlighten me on this one. we can browse using our connection but when we connect to vpn that the client gave us we can no longer browse. base on your explanation "Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? " we tried accessing google.com but it returns page cannot display but when we put the IP of google in the url, we can access it. What does this imply? a DNS issue in the VPN server of the client?
Thanks,
Francis
- Edited by francis garcia Wednesday, February 12, 2014 2:16 AM
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2014 4:59am
Hi Andreas,
Can you enlighten me on this one. we can browse using our connection but when we connect to vpn that the client gave us we can no longer browse. base on your explanation "Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? " we tried accessing google.com but it returns page cannot display but when we put the IP of google in the url, we can access it. What does this imply? a DNS issue in the VPN server of the client?
Thanks,
Francis
- Edited by francis garcia Wednesday, February 12, 2014 2:16 AM
February 12th, 2014 4:59am
Hi Andreas,
Can you enlighten me on this one. we can browse using our connection but when we connect to vpn that the client gave us we can no longer browse. base on your explanation "Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? " we tried accessing google.com but it returns page cannot display but when we put the IP of google in the url, we can access it. What does this imply? a DNS issue in the VPN server of the client?
Thanks,
Francis
- Edited by francis garcia Wednesday, February 12, 2014 2:16 AM
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2014 4:59am
Hi Andreas,
Can you enlighten me on this one. we can browse using our connection but when we connect to vpn that the client gave us we can no longer browse. base on your explanation "Have you tried accessing web pages both by dns-name and IP address to try to rule out whether it's a DNS issue or a routing issue? " we tried accessing google.com but it returns page cannot display but when we put the IP of google in the url, we can access it. What does this imply? a DNS issue in the VPN server of the client?
Thanks,
Francis
- Edited by francis garcia Wednesday, February 12, 2014 2:16 AM
February 12th, 2014 4:59am
This topic is archived. No further replies will be accepted.
Other recent topics
