Question

mapped network drive authentication fails over vpn on remote domain laptop

Asked by: Tricky1974

Hello,
I raised a question recently on this issue but unfortunately it didn't solve it after further testing.
Here is a better description of the issue as I now have the laptop for complete testing.

The boss uses a domain laptop for work. When he is at the office he connects to the domain; when at home he just logs on and works with his offline profile. We have now also set up a VPN connection from his home to the office so that he can access the network folders and files rather than just copying them to his laptop as he has done previously!
The VPN connection works fine and you can remote desktop to the server, see the shares and open files, BUT this only works on a non-domain laptop or local login.
With his laptop, when logged in with his domain account, you cannot access the shared folders. You click on the mapped network drives and it starts off by saying they are not accessible. If you then type the address in (\\192.168.1.2\admin) it asks you for the username and password, but then the window just disappears and then reappears to be completed; this just continues and does not log on.

I have tried the previous suggestion of adding the DWORD value MaxPacketSize=1 to the registry, but this has just resulted in 'logon unsuccessful, you have logged on using this username and password and the domain controller cannot be found' (or very similar to this!)

Besides the fixed endpoint VPN we also have Sonicwall GlobalVPNclient. Oddly, if I connect with this the mapped drives work straight away, and if I then disconnect this the mapped network drives still work! I really do not understand this!

Any help would be very welcome.
I have this laptop for the next week so can test properly, and it would be brilliant if this could be fully resolved before the boss returns from his holidays.

Regards

Will

This Question has been solved and asker verified.

Asked On: 2009-08-07 at 15:00:09, ID: 24636199
Tags: vpn, network, windows networking, networkin, networking, microsoft
Topic: Virtual Private Networking (VPN)
Participating Experts: 2
Points: 500
Comments: 11


Answers

 

by: RobWill, Posted on 2009-08-07 at 17:09:32, ID: 25047698

Sounds like you are using a Windows VPN connection. If so:
It has to do with the fact that he is trying to authenticate to the domain (using the VPN) with the same credentials with which he has already accessed the laptop (cached credentials). Windows is fussy about using the same credentials twice and also using different credentials. The easiest way around it is at logon: with a domain joined PC, there should be a check box to log on using "a dial up connection". Selecting this allows you to choose the VPN connection, which then completes the VPN connection before logon and allows for a proper domain logon where group policy and logon scripts are applied.

 

by: Tricky1974, Posted on 2009-08-08 at 02:08:55, ID: 25048894

No, the VPN connection is made through the modem/firewall (Netgear DG834g), which works fine as I have 1 other non-domain laptop and a PC connected through it to the server. The shares work just fine on these machines.
I have tried ticking the box on login but this doesn't work as there aren't any connections defined for Windows VPN.

 

by: AlanChuang, Posted on 2009-08-14 at 13:50:34, ID: 25102218

I assume that you are using DHCP at the office and at the Boss' house to assign IP address, Subnet mask, Default Gateway, and DNS servers.

I assume that this laptop has no problems accessing the share from the office.

I assume that the DNS server that you use in the office is also accessible from his house (via the VPN).

Try manually setting the DNS servers on his laptop to the same IP addresses that he uses at the office.
Also, it would be good to know if this is a problem on this laptop only, or ANY domain connected machine.

Check any third party host firewall configurations.  You might consider uninstalling this software TEMPORARILY as a test.

 

by: Tricky1974, Posted on 2009-08-16 at 13:41:04, ID: 25110383

Thank you for your reply. I think this is where the issue is. The domain laptop when at home is receiving its IP address from the local modem and not the remote server. This local IP address is different to that at the office: local is 192.168.11.x and remote is 192.168.5.x.
The boss's laptop when in the office works fine and can access all files just fine.
When at home the modem/firewall/VPN end point issued the local IP, DNS, default gateway etc. The setup of the modem is the same as mine and his laptop has the same issue at my location. The DNS is set to the remote server but this doesn't help. When using a non-domain laptop the remote drives work just fine. I presume then that this issue is due to the domain trying to authenticate him and it can't. But should this be an issue when it is a remote mapped drive?
The simple theory had been that when you are using a non-domain PC it wasn't an issue to use a VPN mapped drive, but we hadn't considered the issue with a domain laptop logging on.
The VPN connection is from office firewall to remote modem/firewall.
The only real reason for the VPN connection is so the boss can get at the files on the server. He previously held a copy of the data on his laptop which updated daily, which really isn't the way forward.
Has anyone got any suggestions for a better way to go about this?

 

by: AlanChuang, Posted on 2009-08-17 at 08:04:19, ID: 25115119

I typically provide remote file access to my users in two ways. The first is through an SSL VPN solution and the second is through an FTP site.

What I like about your current solution is that since the VPN is initiated via the Netgear DG834g, the boss turns on the computer and should simply be connected to the SMB shares he usually accesses. As he goes through laptop upgrades, there is nothing to forget to configure on his access. While expensive to provide VPN hardware to employees, it's probably appropriate for the boss.

I want to restate a couple of assumptions before I make a suggestion to ensure I have everything correct so far.
1. The Netgear DG834g is initiating a VPN connection from the boss's house to the corporate network.
2. You have another Netgear DG834g at your house configured the same way as the boss's Netgear DG834g and you are having the same problem with the boss's laptop at your house.
3. You have non-domain devices at each location (your house and boss's house) that can access the shares.
4. I assume that you have the software, configuration, and rights to uninstall and/or reinstall the Sonic Wall client software on the laptop (which I believe you said was installed on the boss's laptop).

Questions:
1. Can any laptop which is logged into the domain access shares across the VPN initiated by the Netgear DG834g?
2. What device at the office is terminating the VPN connection initiated by the Netgear DG834g?
3. Besides the Sonic Wall VPN client, is there any other software installed that provides VPN functionality, even if it is not turned on?
4. What firewall/antivirus software do you use?

Recommendations:
1. Try uninstalling the Sonic Wall VPN client (provided you will not have problems putting it back on). While I realize you may have access scenarios that need this software, temporarily uninstalling it will give us valuable information.
2. Uninstall antivirus/firewall software on the laptop temporarily.

 

by: RobWill, Posted on 2009-08-17 at 08:23:14, ID: 25115331

I am assuming "the boss" is using the Netgear VPN client rather than a local VPN router at home:

>>" this only works on a non-domain laptop "
As mentioned earlier: "It has to do with the fact that he is trying to authenticate to the domain (using the VPN) with the same credentials with which he has already accessed the laptop (cached credentials)." Microsoft somehow sees a second connection attempt to the same server using the same credentials, which it will refuse. This can be problematic to locate, but is verified by the fact that local logons or non-domain units work. The first step in troubleshooting is to delete all existing drive mappings on the laptop, when off site, before connecting the VPN client. From a command line use:
  net use  /persistent:no
  net use  *  /delete

You can also run into issues connecting to the same resource using 2 different sets of credentials, but try the above first. Once deleted you can remap from home. You may end up needing to have 2 different batch files on the desktop with drive mappings for office and off site.

>>"The domain laptop when at home is receiving its IP address from the local modem and not the remote server. This local IP address is different to that at the office, local is 192.168.11.x and remote is 192.168.5.x."
The local LAN (at home) must be different from the office LAN in order for routing to take place, so that is normal. However the Netgear VPN client should have an IP in the same subnet as the corporate office, and that is usually assigned by DHCP from the Netgear itself. You can only see the client configuration if enabling the VPN Virtual adapter is forced in the VPN client configuration. It is hidden by default.

 

by: Tricky1974, Posted on 2009-08-19 at 13:25:59, ID: 25136951

Alan,
Thank you for your reply. I have made comments to your comments.
Assumptions:
1. The VPN tunnel is always running but can be initiated from the DG834g.
2. At the office we have a Sonicwall TZ180 firewall. I have a Netgear DG834g, exactly the same as the boss and configured the same. The VPN tunnel functions very well on all but domain machines.
3. I have checked both locations with non-domain machines and the shares work fine.
4. I have full rights to the laptop.

I am not sure if there is a little bit of confusion regarding the Sonicwall Global VPN client. This isn't used normally (or planned to be) as we have the static VPN hardware connection.
To answer your other questions:
1. I do not have any other domain machines that I can test with at remote locations, and we only really use the VPN connection in one direction, from home to the office.
2. At the office there is a Sonicwall TZ180 firewall which is our endpoint for the VPN tunnels.
3. Other than the Sonicwall software there isn't any other VPN software installed.
4. We use Kaspersky AVS on all our machines.

I haven't uninstalled either the AVS or VPN software on the laptop currently, but I have logged onto the laptop from my house as a local admin to the PC, and there were no issues with connecting into the office on a shared drive. From this I concluded that I doubted that the issue was with the software installed. I then logged out and back in on a domain login and the old issue was back where connecting to a remote drive does not work.

Any ideas? I do not feel that I am getting any closer. It's quite frustrating to be stuck on what shouldn't be an issue.
Any more thoughts would be most welcome.

Regards

Will

 

by: Tricky1974, Posted on 2009-08-19 at 13:56:51, ID: 25137258

RobWill,
Thanks for your words and advice. I have just tried removing all the previously mapped drives that were created whilst at the office. I then tried to connect to the remote drive, which worked perfectly!
Well done for your solution.
Can you tell me how best to go about making this work on a daily basis? Would it be best to write a simple little batch file that is run from home which clears any mapped drives and creates a fresh one? This could then be cleared off when he reconnects to the office and logs in to the domain?

Regards

Will

 

by: RobWill, Posted on 2009-08-19 at 14:18:26, ID: 25137488

I assume the office probably applies group policies or logon scripts to create the mapped drives. If so yes a simple batch file on the user's desktop would allow him to quickly delete existing mappings and add the new. At the office it would be best as well if deleting existing mappings was added to the "automated" script so any mapping done at home by your script, or the user "tinkering" are deleted first before the company mappings were applied.
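
An off-site mapping script of the kind discussed above could look like the following. This is an added example, not the batch file the asker actually wrote; the drive letter Z: is an assumption and the share path is the one quoted in the question.

```bat
@echo off
rem Added example: remap the office share when working off site over the VPN.
rem SERVER and SHARE come from the path quoted in the question;
rem DRIVE is an assumed drive letter, change it to suit.
setlocal
set "SERVER=192.168.1.2"
set "SHARE=admin"
set "DRIVE=Z:"

rem Stop Windows from restoring saved mappings at the next logon.
net use /persistent:no >nul

rem Drop every existing mapping so no stale session made at the office
rem (under the cached domain credentials) is left to conflict with the new one.
net use * /delete /y >nul 2>&1

rem Coarse check that the VPN tunnel is up before trying to map.
ping -n 2 %SERVER% >nul
if errorlevel 1 (
    echo Cannot reach %SERVER% - check that the VPN tunnel is up.
    exit /b 1
)

rem Map the share without saving it, so it does not linger back at the office.
net use %DRIVE% \\%SERVER%\%SHARE% /persistent:no
if errorlevel 1 (
    echo Mapping %DRIVE% failed. Connections currently held:
    net use
    exit /b 1
)

echo %DRIVE% is mapped to \\%SERVER%\%SHARE%
endlocal
```

Because the mapping is created with /persistent:no, it is not restored at the next logon, and an office logon script that starts with the same delete step clears anything left over.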

 

by: Tricky1974, Posted on 2009-08-20 at 00:25:17, ID: 25139937

RobWill,
Thanks for your help on this, it now all seems to work just fine. I have created a batch file, the same as is used at the office, that can be run when working at home, which works a treat.
I just can't believe how much trouble it has been to find the solution to this issue, and the solution is so simple!
Once again, thank you.
Regards
Will

 

by: RobWill, Posted on 2009-08-20 at 03:37:11, ID: 25140857

Glad to hear you were able to get it resolved. The error reporting by Windows is rather vague (or non-existent) making it difficult to diagnose.
Thanks Tricky1974.
Cheers!
--Rob
