Solved

Able to Remote Desktop into Server but unable to access shares

Posted on 2003-11-07
10
5,263 Views
Last Modified: 2008-02-07
I am in WAN that consists of of 38 sites. I just added 4 new windows 2000 Member Servers to 4 different sites. From my computer on my desk i am ABLE to Remote Desktop into the off site server called  "OFFSITESRV1." However, from my desktop on my desk if i go to Start-->Run and enter \\OFFSITESRV1  I receive an error stating "Network Path not Found". So i taught maybe this was a name resolution error so next i tried the static IP address of the server \\10.1.0.92 and I received the same error, "Network Path not Found". Keep in mind that i am able to Remote Desktop from my desk computer into OFFSITESRV1 using both the Netbios Name and the IP address, meaning that an actual connection exist. I am unable to ping becuase the Ping port has been closed due to security reasons. I know that  \\OFFSITESRV1 works because people that are located in the same building as OFFSITESRV1 can print and access shares from that server. Now something else that is rather interesting is that if i go to OFFSITESRV1 and i go to Start-->Run and type in \\mydesktop i am able to acccess shares located on Desk Computers. My question is why am i able to Remote Desktop server into OFFSITESRV1 but unable to access thru \\OFFSITESRV1 or \\10.1.0.92? By the way i am Domain Administrator so it is not a rights issue.
0
Comment
Question by:gbarrientos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +4
10 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 9705627
Remote Desktop uses Remote Desktop Protocol (RDP) 'typically' on port 3389 (which is probably not closed down on your network).  But, as you said the ping port is...
One option is to try via FTP (if you have it installed on OFFSITESRV1) to access your shares, or vpn.
Otherwise, allow access through the appropriate port(s) for network access:
 (Port listings: http://www.iana.org/assignments/port-numbers)
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9705640
I think we should focus on the "Network Path not Found".  My guess would be that the engineer who configured the router at OFFSITESRV01 has closed/not opened an essential port for incoming traffic, or there's a small flaw in a security policy somewhere.

But guessing is never good enough, so here's the interview (shotgun style ;-):

1. Is OFFSITE 1 the only problematic site, or does the problem apply to all 4 sites ?
1. Do you use different IP subnets for each off-site?
2. Do you use VPN-tunnels?
3. If so: are the VPN-tunnels Win2000-based, or other (Cisco?) ?
4. "Remote Desktop", - do you mean administrative Terminal Services ?
5. Do you run Win2000 DNS and does it have the WINS through DNS resolution enabled ?
6. is it possible to "Start-->Run -->  \\OFFSITESRV1" from any box on your central subnet (neighbours to your wks) ?

Kind regards,
Sven
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 9705946
It is very different. On "Remote Desktop" it mean offer the remote service to you if you have the username & password. But "\\OFFSITESRV1 or \\10.1.0.92" The server will not share the resources directly to the internet. If true, do you think it is many dangerous, right ? (It is involve the routing & network configuration)

On the other hand, normally you can do it on local building. I believe you are success to go into the your own LAN. (Supposed you login to the your local domain & access all domain resources, and assign the local IP from DHCP.. e.g. 192.168.0.1 ... etc.) So why can do it on your building only.

If you want to solve it. You should build up the VPN-tunnels (with encrypt security) from Win2000 server side. And create the VPN Dialup from your Desktop. Therefore you are able to directly dialup to go into the domain through internet, then you should do it as you want.

I hope it can help.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 9

Author Comment

by:gbarrientos
ID: 9706147
Okay here are some of the answers to the questions above.  OFFSITESRV1 not the only problematic server. Out of the 4 servers i am only able to reach OFFSITESRV2 by using Start-->Run -->  \\OFFSITESRV2. OFFSITESRV2 is not located on the same site as OFFSITESRV1.  Each site does have a different subnet, there are 5 v-lans, both my computer on my desk and servers sit on the same v-lan.  No we do not use vpn tunnelling. Yes by Remote Desktop i do mean Administrative Terminal Services (sorry for any conffusion Remote Desktop is the name WinXp Pro uses.) I also tried accessing \\OFFSITESRV1 from the Domain Controller and other workstations located on the same V-LAN and the same problem occurs I Administer the server thru Terminal Services but i cant reach it using \\name-of-server or \\IP-Address. Keep in mind that name resolution is not a problem, as the problem occurs even when using the IP address of the sever. All sites are linked together via Duel T1 WAN-Links. Flawed security policies on the routers dont seem to be the problem because if that was so i wouldnt be able to Terminal Service into the server in the first place. Also remember that the server is able to access a share on my computer meaning that communication is allowed.
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 500 total points
ID: 9706703
The fact that you're able to open a Remote Desktop Session only shows that one or some ports are open, - not that the required ports for RPC, etc. is available (and a remote session is special security policy-wise: it is actually considered similar to a local access). A remote desktop session isn't much more advanced than a telnet session, - no domain security rearding the network connection.

That the server is able to use shares on your computer does not tell us anything but the fact that traffic initiated at the remote site will be accepted. If the remote routers does not allow incoming traffic on the relevant ports, you will not get in.

My best bet is still on the remote routers, - routers at your end would not normally have ny restrictions on any connection that you initiate and the same applies to the remote site: any connection initiated from their end will also normally be allowed to go out through their router. (by 'normally' I mean the default policy of a router/firewall).


I forgot to ask: what info did you find in your logs for the failed connection attempts?

Unless anyone have an inspired moment and comes up with a ready solution, I believe we shall have to test the required routes. A quick way would be: open a remote session to the \\OFFSITESRV1 and access the router/firewall at that end from there (what make of router/firewall do you use ?). Get a copy of the configuration and check that incoming traffic from your HQ is fully allowed ( or remove sensitive addresses from the file and post it here, - we'll try to help as much as we can).

Kind regards,
Sven



I still think we need to investigate TCP/IP access on router level from your office to OFFSITEs.
0
 
LVL 1

Expert Comment

by:parturi
ID: 9706997
I did get the same problem as you, don't know why but, when I tried to map a network drive I did get the same error, all the time I right click on "My Network Places" and then typed \\x.x.x.x\$C, I was prompted for usr and pwd and then I got connected. Some times, when I do the same I got "path not found", but if I enter user name and password in "Connect using a different user name" before I can connect.

0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707201
RDP access uses port 3389.  Netbios access (to be able to use \\OFFSITESRV1) uses port 139.  Having RDP access does not guarantee netbios access.  Unless your desktop and OFFSITESRV1 are on the same network (and it sounds like they are not), then there are routers that lie between your desktop and OFFSITESRV1.  These routers are currently configured in a way that don't permit netbios access.  There are ways to fix this, but we would need to know more about your network topology (per Sven).
0
 
LVL 9

Author Comment

by:gbarrientos
ID: 9708127
Great i took a look at the configuration inside the Cisco router and found an access list that was blocking some inconming traffic. Which now raises a security issue. Because of the fact that all configurations on all the routers are pretty much copied and pasted the only difference is the IP address and helper address made me think that access list wouldnt be a problem. But i stayed up all last night and compared configurations for some reason ports were being blocked for no reason. Thanks alot guys.
0
 

Expert Comment

by:nrpb
ID: 10712124
I have a windows 2003 server for small business, but my problem is, from my server i'm unable to access other computers on my workgroup, the error i get is "Network Path NOt Found". But sometimes i'll be able to access other computers.  What will be the problem and can anybody provide possible solutions.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10715626
nrpb - this thread has been closed for a long time.
Your best bet is to post a new question and assign points to it to attract experts to helping you...
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Recently I was talking with Tim Sharp, one of my colleagues from our Technical Account Manager team about MongoDB’s scalability. While doing some quick training with some of the Percona team, Tim brought something to my attention...
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question