Solved

Can I do a site-to-site NET USE?

Posted on 2006-06-11
Last Modified: 2013-11-21
I would like to do a site-to-site NET USE.  I can do it successfully on the LAN - net use x: \\xxx.xxx.xxx.xxx\sharename /user:username password

Now, I would like to do it from outside the LAN.  When I try, I get either "System Error 5 has occurred.  Access is denied."  or "The path cannot be found."  I did some research and believed I needed to open ports 137-139 and forward them to my machine with the shared resource.  Also the IP above was the public IP of my router.

Alternatives might be WebDAV, VPN, remote desktop, etc.  But I really would like to do it this way.  Any ideas?
0
Question by:TechAssist
25 Comments
 
LVL 77

Expert Comment

by:Rob Williams
The only way to do it securely is using a VPN. Any other method will expose your system/s to any user on the Internet.
0
 
LVL 4

Expert Comment

by:tomerlei
If it's Windows 2000 or above, all you need is to forward port 445, but this is a major security risk.

You can read more about it at:
http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm
0
 
LVL 44

Expert Comment

by:scrathcyboy
NET USE is a dos-level command (also XP command level) access to LOCAL -- i.e. LOCAL -- network shares.  The only way you can access LOCAL network shares is either --
1.  be attached to the local network, or
2.  VPN into the local network, which is the SAME as if you are connected locally, the VPN login makes you "local" as far as the OS is concerned.

Therefore NET USE is either if you are cabled to the local network, or if you are VPNing into it, same thing.
0
 
LVL 9

Expert Comment

by:conradie
Just to add my 2c to the mix- I agree with the previous posts- do NOT open these ports to the internet. VPN is a better solution, and is easy to implement. If you MUST do it this way for whatever reason you COULD just allow these ports through your only with a source IP of wherever you need to do this from, but a VPN is definitely a better solution.
0
 
LVL 13

Expert Comment

by:prashsax
You need to create a VPN between machines.

But it can be done very easily. All you need is to make sure that your machines are accessible on the internet with public IPs.

If you are using a router then you need to do port forwarding or static NATting.

Here is the link for how to configure VPN on Windows XP/Windows 2K Pro.

Configure one machine to host the VPN and dial a VPN from the other.

Then both of the machines will be connected as if on a local LAN.

http://support.microsoft.com/?kbid=257333
0
 

Author Comment

by:TechAssist
Thx for the advice, I won't do the net use.  So I'm going with the VPN option.  I'm getting an error 721:  The remote computer did not respond.  

I set up a VPN connection on my computer with resources.
Forwarded ports.
Enabled the specified user to connect.

Any ideas?
0
 
LVL 13

Expert Comment

by:prashsax
Which port have you forwarded?
0
 

Author Comment

by:TechAssist
1723
0
 
LVL 77

Expert Comment

by:Rob Williams
721 usually indicates blocked GRE packets. GRE is protocol 47 (not port 47) and on many SOHO routers is enabled with an option on the router called "enable PPTP pass-through" or "Enable VPN pass-through". Is that an option on yours? If not could you provide make and model of modem and router and we can try to be more specific.
This assumes you have forwarded TCP port 1723, which is all that is required for a standard Windows PPTP tunnel.
0
 

Author Comment

by:TechAssist
It's a DLink DI-524.  Thanks.
0
 

Author Comment

by:TechAssist
I found the setting on the Dlink.  It's enabled for IPSEC and PPTP.  
0
 
LVL 77

Expert Comment

by:Rob Williams
Confirm the port forwarding configuration for TCP 1723 at:
http://www.portforward.com/english/routers/port_forwarding/Dlink/DI-524/Point-to-Point_Tunneling_Protocol.htm
and...
To enable GRE pass-through on the D-Link DI-524, go to the Tools/Misc page and check the PPTP box under "Allow VPN connections to work through the DI-524".
0
 
LVL 77

Expert Comment

by:Rob Williams
Sorry, didn't see your last post before posting. The other possible issue is the modem is a combined modem and router, which is why I was asking its make and model. Verify your D-Link does not have a private IP assigned to it. To do so, check the Status page of the D-Link under WAN IP address (not LAN) and make sure it doesn't have a 192.168.x.x, 10.x.x.x, or 172.16.x.x address. If it does, the modem will have to be put in bridge mode.

You can test if the port forwarding is working properly. To do so, log onto the computer you are connecting to (the VPN server), go to http://www.canyouseeme.org and test for port 1723. This will not test for GRE.
0
 

Author Comment

by:TechAssist
Yep, I have a public IP.. the box in question has other stuff (web server, remote desktop) working properly, the public IP traffic is forwarded properly.  

Canyouseeme says 1723 is open.  Cool site I'll have to remember that one.  Still doesn't solve my problem..
0
 

Author Comment

by:TechAssist
Another FYI I am seeing this in the event log.  Thx for the help

Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20049
Date:            6/13/2006
Time:            4:20:43 PM
User:            N/A
Computer:      xxxxx
Description:
The user connected to port VPN6-1 has been disconnected because the authentication process did not complete within the required amount of time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 13

Expert Comment

by:prashsax
This is a good article for PPTP configuration.

http://www.tomsnetworking.com/2003/05/20/how_to_vpn_firewall/
0
 
LVL 77

Expert Comment

by:Rob Williams
-Was the error from the client or the server? Looks like the server, which would indicate the initial connection started.
-Are you using a wired or wireless connection? If wireless, try wired as a test.
-How far do you get with the connection? Do you hang on verifying user name and password?
-Might help if you post the results of   route print    from the client machine while it is connecting. If not familiar with the process, at a command line (DOS window) enter:
route print > c:\file.txt
then open the created file and copy and paste the results. Your public IP shouldn't be included in that, but if it is, block the last 2 octets such as 205.123.x.x. Private IPs are safe to post.


0
 

Author Comment

by:TechAssist
Thanks Robwill for cracking at it with me.

Error on server.
Wired cxn.
Hangs on verifying username and pwd before timing out.
Results of route print:

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 09 68 ea ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 13 ce 1e a6 26 ...... Intel(R) PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
0x10005 ...00 10 c6 91 97 6b ...... Bluetooth Personal Area Network from TOSHIBA - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3        25
   69.139.xxx.xxx  255.255.255.255      192.168.1.1     192.168.1.3        25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3        25
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1        25
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3        25
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3        25
  255.255.255.255  255.255.255.255      192.168.1.3               2        1
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3        1
  255.255.255.255  255.255.255.255      192.168.1.3           10005        1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

FYI the PC on the target network is 10.10.208.4.. I don't see it anywhere here.  Hmm.
0
 
LVL 77

Expert Comment

by:Rob Williams
>>"Thanks Robwill for cracking at it with me."
Very welcome. Love a challenge  :-)

I am assuming there is only one network adapter on the system you ran the route print on.
Therefore, it looks like the VPN virtual adapter was assigned an IP of 192.168.1.3, which is odd. It should be assigned an IP in the same subnet as the remote network 10.10.208.x with a subnet mask of 255.255.255.255. Perhaps the VPN server end is not set up correctly. Have a look at the following site and verify the assigned address range is configured correctly. It should be part of your 10.10.208.0 subnet:
server 2003:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
server 2000:
http://www.onecomputerguy.com/w2k/w2k_vpn/w2k_vpn.htm
XP VPN server:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
0
 

Author Comment

by:TechAssist
No dice.  It's on XP, set up the same way.  Still getting the same error in the event log.  Argh.
0
 
LVL 77

Expert Comment

by:Rob Williams
So the VPN server is an XP machine ?
If so on the "Incoming TCP/IP Properties" page, "Specify an IP address" is checked, and the IP range is what ? It should be something like 10.10.208.101 to 10.10.208.120
0
 

Author Comment

by:TechAssist
Yep, it's checked, and I have a range of 10.10.208.20 to 10.10.208.30.  
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Sorry, earlier I said the route print indicated the virtual adapter was assigned an IP of 192.168.1.3, which is wrong... must have been late :-) There is no assigned IP, so either that function is not working properly or you ran the route print at a time the connection had not been partially connected.

Mmmmmm....
A few common causes/solutions of a 20049 error:
-Authentication issues - you must use a secure password. I have not seen a definition of this, but try 7 characters with mixed upper and lower case and at least 1 number or character. A blank password may not work at all.
-Hardware - although rare, it can be a case of bad NIC drivers or the NIC doesn't support PPTP.
-On the client's VPN virtual adapter, right click and choose properties. Go to the networking tab and under VPN type in the drop down menu choose PPTP instead of automatic. Someone else here recently resolved a connection by un-checking all boxes on the settings button, though I have not seen this as a Microsoft solution.
-Blocked GRE packets as discussed before. If you can maintain a basic connection but not communicate there is a test for this, but you haven't been able to get that far. On the client's end, try bypassing the router and connect directly to the modem. Make sure virus protection and such is enabled.
0
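
Added example, not part of any post in this thread: a small parser for the Active Routes table of route print that checks what the accepted answer looked for by eye, namely whether the client picked up an address from the VPN server's pool (10.10.208.20 to 10.10.208.30, as stated above). The function names are hypothetical and the sample is a constructed, trimmed copy of the table posted earlier.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the client's "Active Routes" table.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3        25
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3        25
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1        25
  255.255.255.255  255.255.255.255      192.168.1.3           10005        1
Default Gateway:       192.168.1.1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+(\S+)\s+\d+\s*$")

def parse_routes(text):
    """Return (network, gateway, interface) for each row under Active Routes."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith(("Default Gateway", "Persistent Routes", "====")):
            active = False
        elif active and (m := ROW.match(line)):
            dest, mask, gateway, iface = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, iface))
    return routes

def vpn_address_assigned(routes, pool_first, pool_last):
    """True if a host route or interface address lies inside the PPTP pool."""
    lo, hi = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    for net, _gateway, iface in routes:
        candidates = [net.network_address] if net.prefixlen == 32 else []
        try:
            candidates.append(ipaddress.ip_address(iface))
        except ValueError:
            pass  # interface column holds an index (e.g. 10005), not an address
        if any(lo <= c <= hi for c in candidates):
            return True
    return False

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    # Pool 10.10.208.20-30 is the range the asker configured on the XP server.
    print(vpn_address_assigned(routes, "10.10.208.20", "10.10.208.30"))
```

Rows whose addresses were masked before posting (such as 69.139.xxx.xxx) do not match the row pattern and are skipped.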
