This one has been bugging me for a while.  I've probably spent far too
much time on it.

Client:
Windows XP SP2 and all hotfixes
TCP/IP over wired or wireless

VPN Server:  Windows 2000 SP4 all hotfixes, using PPTP.
File Server: Windows 2000 SP4 all hotfixes.
Native W2K AD environment, using NAT.  No firewall between client and VPN.  

Problem:
Ever since one user got back from Korea, he can't use the VPN
correctly.  It connects fine, but he can't map any drives.  He gets
the error similar to:
http://support.microsoft.com/?kbid=890413 

He gets it across all file servers.  However Outlook/Exchange works.

Here is what I've tried:
Resetting his password. (didn't work)
Logging in as a domain admin both locally to the machine, and to the
VPN from his machine (this works)
Logging in as a domain admin to the VPN under his local login (doesn't work)
Logging in as him from another machine not a member of the domain (This works)
Trying a system restore to before he went to Korea and all this all
started (didn't work, I tried several)
Disconnecting all network drives and trying them one by one.  However
if I use the net use command, I get prompted with a login and password
in the command line, and then I CAN log in as the user.
Updating all drivers and MS patches.
Rebuilding his profile on the same machine.  Amazingly, with a fresh
blank profile I cannot map drives through the VPN as him!
 
Everyone else can use the VPN fine and no issues reported.
 
I've looked through the event and VPN logs on the VPN server and the
shared server and nothing is out of the ordinary.  From the same
machine I can connect as myself fine, if I log on to another profile.
 
When he went to Korea he stated that he was prompted to apply the
October Microsoft Security patches, and he thinks it's related to
that, but I'm not so sure.

---

Clarification of Question by indeego1-ga on 01 Nov 2005 09:12 PST

In addition to the above, I have tried to use Windows XP user accounts
in the control panel to manually enter a username and password for the
file servers, this did not make a difference.

I think the key is to focus on how I can get it to work using the Net
use command when entered with a username and password.  This shouldn't
be required, the authentication should pass though the connection to
the required server, like it always has up until this point.

OK.

Check for Flash bios updates on network cards etc.
Remove Users login details, from domain, VPN and local machine.
Delete Users individual Document And Settings re-login once wiped
(this will removed and cached settings).
Fully virus check the computer.

IF that doesn't work wipe the thing and start again;-D

Note: use ip address of server where it says "ServerIP" w/out quotes,
map letters and shares to your corresponding letters and shares.

Here put this into a .bat file and run it
save the following in a file named drives.bat
then have him double click it. it may or may not prompt him for a
username and password.



@echo off
echo ************************
echo * Welcome %username%   *
echo ************************
REM Disconnect Existing Network Drive Connections
net use j: /delete /yes
net use k: /delete /yes
net use l: /delete /yes
net use p: /delete /yes
net use w: /delete /yes
net use x: /delete /yes
net use z: /delete /yes


REM   Connect Network Drives
net use /persistent:yes


net use j: \\"SERVERIP"\Drawings 
net use k: \\"SERVERIP"\Projects
net use l: \\"SERVERIP"\archive 
net use p: \\"SERVERIP"\Promote 
net use w: \\"SERVERIP"\office  
net use x: \\"SERVERIP"\utilities 
net use z: \\"SERVERIP"\share

Sorry no comments for a while.  He uses this thing and I've been busy elsewhere.

Network card has no flash bios updates.  BIOS for laptop is current. 
Repeatable via wireless or wired card.
I rebuilt profile and it didn't work.
Virus scans are done weekly, so nothing found, I did several spyware
checks also.  Hosts file is empty, and no use of LMHOSTS.
Last thing I tried was I reinstalled all the October 2005 MS hotfixes
that were security related.  Didn't make a difference.

eannatone-ga he can ping and see DNS entries and reverse fine when
connected to VPN.  Your script doesn't help, now I get a "to connect
DOMAIN/username to xxx.xxx.xxx.xxx press enter, or type a new user
name.  Typing in any combination of his username doesn't help.

Recently I was able to log in as him by changing the drive mappings on
the domain to non-persistent, logging off, logging on locally away
from domain on my home network, logging onto VPN, going to Windows
explorer, right clicking a drive, then choosing "explore," about 3
minutes passed, then a logon dialog pops up, I enter his logon info,
it pauses for about another minute, then lets me in, plus lets me into
all drives he normally has access to.  But then I couldn't repeat this
way of getting in.  This doesn't solve the abyssmally long waits he
must endure, between 3 and 6 minutes, unless it times out, in which
case no access.

My theory is that he has some authentication, somewhere, that is being
applied before he can connect to the file server.  The file server he
connects to has about 12 drives he connects to.  I tried mapping him
to other servers' drives throughout the company and no go.