Sindric1
asked on
Problem Mapping Drives to DFS shares over VPN
I have seem be having a problem with accessing network services via a VPN connection to my Win2k3 network.
When my users (using WinXP Pro SP2) make a VPN connection to the network they have problems mapping drives to the DFS folders.
For Example, if they map a to the DFS root (\\Domain\DFSRoot) they cannot connect. But if they map the drive to the full path (\\Server\Share) it works fine.
I have tried tracking down the problem:
1. Ensure Enable NetBIOS over TCP/IP - OK
2. Ensure “Enable LMHOSTS Lookup” is checked and LMHOST is correct - OK
3. Ping PDC and BDC with NetBios Name - OK
4. Ping other servers not listed in LMHOST with NetBIOS Name - OK
5. netdiag.exe, however every time I ran it the problem disappeared till the next logon…
6. dfsutil.exe, this seems to point out that the computer has not synchronised with the network, so if I wait for about 5 to 10 min after connection via the VPN and then try and map the drive everything works…
Can anyone help me? Is there a way to force the sync to happen earlier? Or with the command line?
THX
Tod
When my users (using WinXP Pro SP2) make a VPN connection to the network they have problems mapping drives to the DFS folders.
For Example, if they map a to the DFS root (\\Domain\DFSRoot) they cannot connect. But if they map the drive to the full path (\\Server\Share) it works fine.
I have tried tracking down the problem:
1. Ensure Enable NetBIOS over TCP/IP - OK
2. Ensure “Enable LMHOSTS Lookup” is checked and LMHOST is correct - OK
3. Ping PDC and BDC with NetBios Name - OK
4. Ping other servers not listed in LMHOST with NetBIOS Name - OK
5. netdiag.exe, however every time I ran it the problem disappeared till the next logon…
6. dfsutil.exe, this seems to point out that the computer has not synchronised with the network, so if I wait for about 5 to 10 min after connection via the VPN and then try and map the drive everything works…
Can anyone help me? Is there a way to force the sync to happen earlier? Or with the command line?
THX
Tod
ASKER
thanks for the link,
i looked into it, but it seems to be automaticly applied in Win2k3 and WinXP.
i looked into it, but it seems to be automaticly applied in Win2k3 and WinXP.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I split the points 100 to the link “How DFS Works” because there is a lot of good info in there. I also found from it that you can add a registry entry DfsDcNameDelay to change the time it checks for Domain Controllers with Root info. I also found that this was in Group Policy Admin Template Computer\Network\Sets How Often a DFS Client Discovers DC’s. The default minimum is 15 minutes, I managed to change it to 1. While this can make a difference it will also increase the demand on the connection and overall network traffic.
So I gave the other 400 points to the stop and start of services. It work for the most part, but you have to make sure you grant the user the right privileges to do so. I used Group Policy Computer\Windows Settings\System Services and granted the local users the ability to start, stop and pause the specified services.
Thanks for your help.
Tod
So I gave the other 400 points to the stop and start of services. It work for the most part, but you have to make sure you grant the user the right privileges to do so. I used Group Policy Computer\Windows Settings\System Services and granted the local users the ability to start, stop and pause the specified services.
Thanks for your help.
Tod
I'm not a guru here but had a problem with this myself. Activating the slow link setting in Group Policy for my VPN users group fixed it for me.
If its more that that I'm probably not your tech here.
Best of luck