Solved

Having issues with VPN Xp Pro clients seeing shares on server running 2K3

Posted on 2006-10-25
14
273 Views
Last Modified: 2010-03-19

       Hello, I have recently starting working for a small company in what was supposed to be an assistant to the NetAdmin position, however, shortly after I was hired he quit and everything has since fallen into my lap to complete.  The reason I state this is because while I am somewhat familiar with networking some of this may be above my level so I might ask allot of questions or need things explained to me in detail, so go easy on me.

My problem is this, I have a server that is using 2K3 as the OS, I am able to get the clients from the 5 outside offices to connect and authenticate to the server however I am unable to view any shares, I connected each of the other 5 computers to the domain before sending them out to the other offices.

When the clients connect they are being assigned a IP between 192.168.1.200 and .220 from the server, however normally I am using a LinksysBFSR81 Ver2 as the DHCP server while the 2K3 is handling DNS, VPN, File, WINS, and DC roles for the Network.   I have read some other questions about this problem but the solutions have not worked for me or I am not implementing them correctly mainly adding a WINS server and enabling NETBIOS over TCP/IP on both the server NICs and the Clients.  My boss does not want to spend the additional funds to purchase new routers with VPN end point options for the company she would like for me to solve this with what is available to me.

I am not sure what other information you need to know but let me know and I will get it to you stat.  
Thank you in advance.  
0
Comment
Question by:Pe12f3cT_d12uG
  • 8
  • 6
14 Comments
 
LVL 26

Expert Comment

by:lnkevin
ID: 17807181
According to what you said, you currently have a router. What type of router is it? Do you have firewall access? In order to access to your server from remote location (outside offices), you need to have access through your firewall. Let us know about your network setup. I know you have a small network, but I want to know more about your router and firewall setup. Your problem mostly relying on the firewall access. If you can get in your firewall and configure a secure VPN chanel connecting to your remote offices, you can access your file share.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17807215
Another thing, go in your remote location computer that connecting to the network type ipconfig /all and compare the setup with your 2K3 server. Let us know the result.

K
0
 

Author Comment

by:Pe12f3cT_d12uG
ID: 17812068
  The router is listed above it is a Linksys BFSR81 Ver 2 I guess more of a switch/router, it is configured with port forwarding for ports 1723, 500, 50-51.  I am using a software firewall, Zone Alarm Pro, also configured to allow the IPs of the other offices through.  

The satellite offices use Norton system works I am able to connect and authenticate to the server however no shares are able to be seen.  I have tried to disable both ZApro and Norton to see if that would fix the issue but that was not successful.

The current set up for the Network here is:


                                                    ---------Server2K3 (Two NICs 192.168.1.10 and .11)  .11 handles the VPN request
Cable Modem----Linksys (BFSR81)--|
                                                    --------------6 other clients


     The ipconfig of the server:
                                          Linksys NIC:
                                                             DHCP : no
                                                              IP     : 192.168.1.11
                                                          SUBNET: 255.255.255.0
                                                              DNS  : 192.168.1.10
                                                         Gateway : 192.168.1.1
                                                             WINS : 192.168.1.11

                                          Onboard NIC:
                                                              DHCP: no
                                                              IP     : 192.168.1.10
                                                          SUBNET: 255.255.255.0
                                                               DNS: 127.0.0.1
                                                         Gateway: 192.168.1.1
                                                             WINS: 192.168.1.11

          The ipconfig of the sattelite office:
           (VPN)                                           DHCP: no
                                                              IP     : 192.168.1.201
                                                          SUBNET: 255.255.255.255
                                                               DNS: 192.168.1.10
                                                         Gateway: 192.168.1.201
                                                             WINS: 192.168.1.11
                                                       
     
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17812855
Do you have Zone alarm in sattelite office, too? The IP addresses that you post are Private IP. You need to configure your Zone alarm to enable the public IP of your satelite office. First, you want to find out what is your public IPs on the satelite office. Set you PC with the public IP. If you have a router in satelite office, you only need to set the public IP of the router on Zone Alarm.

If you can, set one of your satelite PC to dhcp and do ipconfig /all. It will tell you your public IP or on the IE browser type: www.whatismyip.com it will show you what is your public ip. You need to set this public IP on your Zone Alarm instead of the private IP 192.168.X.X

Good luck

K
0
 

Author Comment

by:Pe12f3cT_d12uG
ID: 17813052
    No I only have Norton System Works running on the satellite computers.  Zone Alarm is running on the server.
Zone Alarm is configured to allow the static public IPs of the other offices through i.e 24.172.x.x.  Even when I disable both of the security programs, I still run into the same issues.

     Currently I am able to see the clients when they connect to the server by using the RRAS applet in server2K3.  They are being assigned an IP Address between 192.168.1.200-220 once the client authenticates to the server.  However, I am unable to see the shared folders or server in my network neihborhood.  I thought this was a NETBIOS issue since it is not transmitted through the VPN tunnel however after adding the role of WINS server to the 2K3box, not sure if it was done correctly, and allowing NETBIOS over TCP/IP I still have no luck in browsing the shared folders or server from the satellite offices.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17815813
You said you are able to connect to your server. I assume that you can ping your server. I really don't know how RRAS applet work, but if you can connect to your server try to open command line and map a drive to your server using net use z: \\yourserver IP
I would like to see if you have permission issue or you did not really connect to the server.

You can also try to ping to your server using server name instead ip to see your DNS get resolved or not. If you have DNS not resolved, you can manually edit your host name:

start, run, drivers, etc, hostname and type your server IP address then its name on the bottom of the file then save it example

192.168.x.x servername

Let us know the result

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17815829
I forgot to tell you that you can try to add your server name in your client host file and adding client name and IP in server host file

K
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Pe12f3cT_d12uG
ID: 17820176
Here is detailed IP Config for you K.
Server first.
Windows IP Configuration

   Host Name . . . . . . . . . . . . : xxx-server
   Primary Dns Suffix  . . . . . . . : MyDomain.org
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MyDomain.org

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-54-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.130
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter  VPN:

   Connection-specific DNS Suffix  . : MyDomain.org
   Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LN
E100TX v4)
   Physical Address. . . . . . . . . : 00-14-BF-5D-A6-BF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
   Primary WINS Server . . . . . . . : 192.168.1.11

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-15-F2-9E-2E-F0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   Primary WINS Server . . . . . . . : 192.168.1.11

Satellite Office while connected to VPN
Windows IP Configuration

       Host Name . . . . . . . . . . . . : hb-office
       Primary Dns Suffix  . . . . . . . : MyDomain.org
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : MyDomain.org

Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
       Physical Address. . . . . . . . . : 00-E0-4D-01-07-69
       Dhcp Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.1.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.254
       DNS Servers . . . . . . . . . . . : 192.168.1.254
       Lease Obtained. . . . . . . . . . : Friday, October 27, 2006 11:14:24 A

       Lease Expires . . . . . . . . . . : Friday, October 27, 2006 12:14:24 P


PPP adapter FocusEyeCare.Org:

       Connection-specific DNS Suffix  . : MyDomain.org
       Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
       Physical Address. . . . . . . . . : 00-53-45-00-00-00
       Dhcp Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.138
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 192.168.1.138
       DNS Servers . . . . . . . . . . . : 192.168.1.10
       Primary WINS Server . . . . . . . : 192.168.1.11
0
 

Author Comment

by:Pe12f3cT_d12uG
ID: 17820251
Well there may be a bigger problem then  thought.  Tried these after starting the VPN connection.

This is the results from Net Use z:\\192.168.1.10 and 192.168.1.11
System Error 67
Network Can not be found

And from the Ping.
ping xxx-server
pinging 24.172.xxx.xxx

response timed out
"
"
"
tracert fec-serve
192.168.1.254
*
*
*
I really appreciate all your help K, I hope I can get this resolved setting up he VPN has been a headache.
0
 
LVL 26

Accepted Solution

by:
lnkevin earned 500 total points
ID: 17821143
"bigger problem" That is right. First, you never have a connection established from satelite office to your server(ping result timed out). The configuration that you posted here telling me you have the router in both ends (server and satelite). Now, to make it work, you need to configure your router and firewall on the server site to allow the public IP address of your satelite router (to get the public IP: www.myipaddress.com). Remember that you can only create connection from site to site through the Internet using public IP address (real IP not 192.168.x.x). If you are not familiar with Zone Alarm, get a support package from them and they will show you how to configure your firewall.
http://www.zonelabs.com/store/content/support/phoneSupport.jsp?dc=12bms&ctry=US&lang=en&lid=ts_phone

Once you successfully connect the two routers, you can test the ping from server to satelite and vice versa. After you successfully ping your server from sat, you can start troubleshoot the browsing folder.

K
0
 

Author Comment

by:Pe12f3cT_d12uG
ID: 17836267
 


     K.

          Ok I have made some changes, I am able to ping the VPN client once it is connected from the server AND from any other node on the corporate network.  The client is being assigned an IP address by the VPN Server from a pool I specified(192.168.1.20 - 192.168.1.30)  When the Client is NOT connected I am unable to ping 192.168.1.20, it times out.  Once the Client authenticates to the server and is assigned the 192.168.1.20 I am able to ping that IP address from the server and from any node here at the corporate office.  I hope this is progress in the right direction.  Going to head to the Satellite office and see if I am able to ping the server from there.   Thanks again for the help I hope this solves any issues, will update by end of the day.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17836400
Good for you. Keep posting your progress. You will be able to solve it in this direction.

K
0
 

Author Comment

by:Pe12f3cT_d12uG
ID: 17843331
 I got it working!  You were right it was a setting on the Netopia router @ the satellite location.  After I opened some pinholes through the the firewall it worked like a charm.   Not tried browsing with Network Neihborhood, but the Net Use command worked perfectly to map a drive on the server.  I am able to see all shares now.  Thanks K if I could award more points I would.  I appreciate your help and patience.

                                                                                  John
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 17845024
I am glad for you making it happened. What's a tremendeous effort. Good luck on everything.

K
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now