susancarruth
asked on
Printing Connected to VPN
I have a user that works from home and connects to our network through a VPN. He is running W2K SP4 (which I reinstalled) on his laptop. He has a printer at home connected to a Windows ME PC. Whenever he connects to the VPN he can use the printer and view the shares on the ME PC. If he isn't connected to the VPN he can't. He can resolve the name of the PC. I spent several hours and tried a lot of different things (too numerous to even mention) to solve the problem but haven't come up with a solution.
ASKER
We don't have any group policies set. He can ping the ME PC by name and address.
If he can ping, he can print.
I would hazard a guess at there being some firewall software on the other ME machine that is only allowing a connection from your VPN pool, rather than his own private pool.
I would hazard a guess at there being some firewall software on the other ME machine that is only allowing a connection from your VPN pool, rather than his own private pool.
ASKER
He does have Zone Alarm running. We disabled it but maybe we should uninstall it completely. Is it possible that uninstalling as opposed to disabling could make a difference?
If you're using ICS (Internet Connection Sharing) then you need to uninstall / reinstall this if ever you remove ZoneAlarm.
http://support.microsoft.com/default.aspx?scid=kb;en-us;302951
Also, if bits of ZoneAlarm are still on the system, manually remove it:
http://nh2.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html
Does logging onto the VPN authenticate the user in any way ? It could be that the ME resources are being shared as per domain credentials, which would explain why he couldn't access them.
From the laptop, try these commands:
net view \\ME_MACHINE
nbtstat -a ME_MACHINE
Do they list anything ? Try this with and without the VPN connection. This will tell me whether or not the sharing ports are open on the ME machine. If they're not, then chances are the ME machine is preventing this, so you need to open it up.
http://support.microsoft.com/default.aspx?scid=kb;en-us;302951
Also, if bits of ZoneAlarm are still on the system, manually remove it:
http://nh2.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html
Does logging onto the VPN authenticate the user in any way ? It could be that the ME resources are being shared as per domain credentials, which would explain why he couldn't access them.
From the laptop, try these commands:
net view \\ME_MACHINE
nbtstat -a ME_MACHINE
Do they list anything ? Try this with and without the VPN connection. This will tell me whether or not the sharing ports are open on the ME machine. If they're not, then chances are the ME machine is preventing this, so you need to open it up.
ASKER
I won't be able to try the fixes until at least Thursday. One other thing that might help.: When he tries to view the shares on the ME machine he gets a message that there are no logon servers available.
So the laptop is a domain member, but the ME is a workgroup member ?
In this case, make sure usernames and passwords are synchronised on both boxes, and that ME's workgroup name matches the laptop's domain name.
Alternatively, when the laptop tries to access the ME resource, use the syntax - username = me_machine\username, rather than just username, so that the auth process knows to use me_machine's account database.
In this case, make sure usernames and passwords are synchronised on both boxes, and that ME's workgroup name matches the laptop's domain name.
Alternatively, when the laptop tries to access the ME resource, use the syntax - username = me_machine\username, rather than just username, so that the auth process knows to use me_machine's account database.
ASKER
The ME machine doesn't have a logon. I did try using the username syntax but cam up with the same error.
Am I right in saying the laptop is a domain member, but the ME is a workgroup member ?
ASKER
That's correct. The ME machine's morkgroups has the same name as the domain.
If the ME machine doesn't have a logon, is the printer resource shared to 'Everyone' ?
ASKER
I was able to fix the problem - sort of. I ran a net use command from the 2000 to the ME machine. After that he could browse that machine AND map a network drive. He couldn't map one or browse before I used the net use command.
I ran the command like this:
net use \\machine_name /user:username(on ME machine)
I still don't know what caused it, but at lease now it's fixed. Every so often the error comes up again but I just created a .bat file to run the command since any other troubleshooting would probably require me to have the laptop and he doesn't have a convenient time to let go of it.
I ran the command like this:
net use \\machine_name /user:username(on ME machine)
I still don't know what caused it, but at lease now it's fixed. Every so often the error comes up again but I just created a .bat file to run the command since any other troubleshooting would probably require me to have the laptop and he doesn't have a convenient time to let go of it.
Doing a net use to the machine name alone will effectively enable access to all shares on that machine without having to authenticate - maybe the logon syntax was incorrect ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can he PING the ME PC from his laptop ?