barthalamu
asked on
can't map to a network drive while using Secure Remote
Hello:
I am able to log into my network through a Checkpoint Secure Remote connection from home just fine. From there, I can ping, connect to servers using terminal services, etc. Everything seems fine, until I want to map a drive from my home computer to one of the servers in the office network. The permissions are fine. It just doesn't map it. It says it cannot find it. I have tried it both by name and IP address. I can ping the IP address however, and can see the little checkpoint envelope in the systray sending data both when pinging the address (which works) and while trying to map a drive. (which doesn't)
I can't think of anything blocking it at this point. No firewall on my home machine or on the server in the office is blocking it. Once I VPN into the network, no firewall is in between my connection and the server. Of course I can map this drive just fine on an office pc, just not while I am connected via VPN.
Is there something I am missing?? I do not control the Checkpoint server, could it be being blocked by the checkpoint server?? Thanks for the help.
I am able to log into my network through a Checkpoint Secure Remote connection from home just fine. From there, I can ping, connect to servers using terminal services, etc. Everything seems fine, until I want to map a drive from my home computer to one of the servers in the office network. The permissions are fine. It just doesn't map it. It says it cannot find it. I have tried it both by name and IP address. I can ping the IP address however, and can see the little checkpoint envelope in the systray sending data both when pinging the address (which works) and while trying to map a drive. (which doesn't)
I can't think of anything blocking it at this point. No firewall on my home machine or on the server in the office is blocking it. Once I VPN into the network, no firewall is in between my connection and the server. Of course I can map this drive just fine on an office pc, just not while I am connected via VPN.
Is there something I am missing?? I do not control the Checkpoint server, could it be being blocked by the checkpoint server?? Thanks for the help.
Is your home machine XP Pro? and if so, are you authenticating against a server at home? If so, try to attach to the office share without authenticating against your home server.
Try creating a local logon on your home machine with the same username and pasword as you use at the office. Try logging off and back on as that user just before attaching to the remote resource. If your using 98, you may need to wipe the .pwl files in the Windows directory.
Also, check to see if you have an lmhosts file, if so make sure there is nothing goofy in it (like the wrong address for the foreign network's security providers)
Finally, try creating a local lmhosts file containing at least one member controller on the foreign network (via the #DOM:domain and #PRE: attributes)
Good luck
Afro
Try creating a local logon on your home machine with the same username and pasword as you use at the office. Try logging off and back on as that user just before attaching to the remote resource. If your using 98, you may need to wipe the .pwl files in the Windows directory.
Also, check to see if you have an lmhosts file, if so make sure there is nothing goofy in it (like the wrong address for the foreign network's security providers)
Finally, try creating a local lmhosts file containing at least one member controller on the foreign network (via the #DOM:domain and #PRE: attributes)
Good luck
Afro
Normally a Checkpoint configuration does not block traffic inside a VPN tunnel (although it is perfectly possibe). As stated by afrosonic, you could try to use a lmhost file -or- use WINS to resolve client names. Did you enable Client for Microsoft Networks on your adapter that connects via VPN? It is still needed if you want to do mapping or use Outlook Exchange.
ASKER
Thanks for everyones responses, unfortunately they did not help...
foad: Yes, I have been trying to map to the share using the full path, and the IP address as the computer name. As I said, I can ping the computer by IP address, just not map a drive.
afrosonic: My home machine is windows 2000, as is the remote machine. Although I am getting a "network path \\192.168.11.203\doc_share
Darq_Messiah: Both machines have Client for Microsoft networks enabled.
Thanks for all the help. Please let me know if you have any more suggestions. Thanks!
foad: Yes, I have been trying to map to the share using the full path, and the IP address as the computer name. As I said, I can ping the computer by IP address, just not map a drive.
afrosonic: My home machine is windows 2000, as is the remote machine. Although I am getting a "network path \\192.168.11.203\doc_share
Darq_Messiah: Both machines have Client for Microsoft networks enabled.
Thanks for all the help. Please let me know if you have any more suggestions. Thanks!
what about going into the network properties, lan connection and add your corportaes WINS server address? this has helped me before...
Hi All,
WINS is just one part of the issue. The SecureRemote client has a setting for Domain Logon, which has to be set in order for this to work.
Check the menu for something called SDL (Single Domain Logon). This will make sure that your password will be passed on via the VPN
to the Domain Network.
By default, Windows Domains are not routed from the local network, and while working with a VPN client, you're in routing mode.
Enabling that feature will ensure that the firewall will present itself to the domain as you, and will allow that NBT traffic to go through
correctly. If you would like to resolve by names, make sure that you have a WINS server installed on your domain controller, make
sure that you enable WINS on your dial-up adapter, and you should be OK.
I also suggest configuring the SSO option in SecureRemote (Single Sign-On), it will save you many times of entering your VPN
passwords over and over and over again.
Regards,
NocMan
AKA: Lord Stroud
www.net-gurus.net
WINS is just one part of the issue. The SecureRemote client has a setting for Domain Logon, which has to be set in order for this to work.
Check the menu for something called SDL (Single Domain Logon). This will make sure that your password will be passed on via the VPN
to the Domain Network.
By default, Windows Domains are not routed from the local network, and while working with a VPN client, you're in routing mode.
Enabling that feature will ensure that the firewall will present itself to the domain as you, and will allow that NBT traffic to go through
correctly. If you would like to resolve by names, make sure that you have a WINS server installed on your domain controller, make
sure that you enable WINS on your dial-up adapter, and you should be OK.
I also suggest configuring the SSO option in SecureRemote (Single Sign-On), it will save you many times of entering your VPN
passwords over and over and over again.
Regards,
NocMan
AKA: Lord Stroud
www.net-gurus.net
ASKER
nocman:
Thanks for the advice. The computer that I am trying to map a drive to is not even associated with a domain though. It is just a stand alone computer. Is there something special that needs to be done to map a drive to it??
Thanks for the help.
Thanks for the advice. The computer that I am trying to map a drive to is not even associated with a domain though. It is just a stand alone computer. Is there something special that needs to be done to map a drive to it??
Thanks for the help.
Hmmmm.....
Nothing really needs to be done in order to map a drive, it's a built-in functionality. However, I would suggest trying
installing a WINS server on the network. Apart from that, I'm not entirely sure.
What version of CheckPoint are you using exactly ?
NocMan
Nothing really needs to be done in order to map a drive, it's a built-in functionality. However, I would suggest trying
installing a WINS server on the network. Apart from that, I'm not entirely sure.
What version of CheckPoint are you using exactly ?
NocMan
ASKER
Hello All:
I did install a WINS server on my network, but it did not seem to help the situation. I also added the WINS server to my network adapter at home, and tried using an lmhosts file, but this did not work either.
I noticed that "NetBIOS over TCP/IP" was disabled, so I enabled it. Again this did not help matters though.
nocman:
Unfortunately I am not sure what version of Checkpoint it is. It is a checkpoint server for the entire building, which is administered by the building, and not my company.
Thanks for all the help. Can anyone think of anything else to try?? Thanks.
I did install a WINS server on my network, but it did not seem to help the situation. I also added the WINS server to my network adapter at home, and tried using an lmhosts file, but this did not work either.
I noticed that "NetBIOS over TCP/IP" was disabled, so I enabled it. Again this did not help matters though.
nocman:
Unfortunately I am not sure what version of Checkpoint it is. It is a checkpoint server for the entire building, which is administered by the building, and not my company.
Thanks for all the help. Can anyone think of anything else to try?? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi barthalamu,
If your attempting to access a shared folder on your home pc from your office site have you attempted to access it by connecting as a different user name. The different user name being one that is local to the resource. As in follows:
Choose drive letter you wish to assoccaite with the share
enter path \\192.168.11.203\doc_share
Then select connect using a different user name
In the selection box enter the appropriate detail.
Username = if not a member of a domain then workgroup name
eg. workgroup\user account which has local rights to the shared folder.
Then the password which allows that account access.
I think your home pc is not identifying your office domain/user account as the account which has the permissions to access it's shared folder.
I hope this can assist in your efforts to gain access to your home pc share.
If your attempting to access a shared folder on your home pc from your office site have you attempted to access it by connecting as a different user name. The different user name being one that is local to the resource. As in follows:
Choose drive letter you wish to assoccaite with the share
enter path \\192.168.11.203\doc_share
Then select connect using a different user name
In the selection box enter the appropriate detail.
Username = if not a member of a domain then workgroup name
eg. workgroup\user account which has local rights to the shared folder.
Then the password which allows that account access.
I think your home pc is not identifying your office domain/user account as the account which has the permissions to access it's shared folder.
I hope this can assist in your efforts to gain access to your home pc share.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh, completely forgot.
Nocman, SDL is a Secure Domain Logon, and what it does - it prevents Netlogon service to be started before SR_Service is - then SR creates a VPN channel with the FW, and passes your Windows logon credentials to the PDC or AD.
AFAIK, SSO doesn't help you with reauthentications, it just saves the first one, but if you have 'cached credentials' option turned on, this will spare some pop ups.
Nocman, SDL is a Secure Domain Logon, and what it does - it prevents Netlogon service to be started before SR_Service is - then SR creates a VPN channel with the FW, and passes your Windows logon credentials to the PDC or AD.
AFAIK, SSO doesn't help you with reauthentications, it just saves the first one, but if you have 'cached credentials' option turned on, this will spare some pop ups.
True True, I simply forgot :-)
ASKER
Thanks to all. I was able to get a hold of the people who manage the VPN (no easy task) and I found that they indeed to block this access. I have since set up my own VPN. Thanks for all the help!!
and edit lmhost and host files with server names to ip address's..
AL