VPN Connection Made - Now What?

mrmyth asked
Medium Priority
Last Modified: 2010-04-12
Okay, so I have made a VPN connection to a Small Business server from a client computer that is outside the business. It is connected and shows it is in the network connections.

Now I want to be able to access files on the file server as if I were in the office.

What more do I need to do?

I thought I would be able to map to shared volumes on the server, but apparently I'm missing something.

Here are the details.

Client computer is an XP SP2 desktop that is on a DSL connection. It is on a separate workgroup that is particular to my home.

The work server is a small business server on a domain that is behind a Sonicwall.

Top Expert 2013
I assume your connection is working and you can ping the devices to which you want to connect. If so you likely have a name resolution issue. This is common with VPNs. Below are some ways to deal with it. See if any are of some help to you. If you cannot ping the devices make sure their software firewalls, such as the Windows firewall, are at least disabled for testing. If still no luck let us know and we can help to locate the problem.

1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\\ShareName, or map a drive at a command prompt using
 Net Use U: \\\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also if the remote end uses DHCP assigned IPs it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

That is a great post. Thank you.

OK, so in number 7 I can connect with the full computer and domain name so that is great. I'm making progress! What I don't know is where the "DNS configuration of the virtual private adapter/connection" is. Where you say "right click on virtual adaptor," I don't know where that is. I'm assuming it's on the client computer. In the network connections I have the Connect to Small Business Server connection (as installed from the floppy created by my server) and the Local Area Connection. Both are connected.

I think I'm getting very close to what I want to do with this. I want to be able to take a laptop from the office, to outside the office and use it as if it were in the office. I also want to be able to connect from employees' home XP and 2000 computers so that they can access the shared folders that they have permission to.

So here are my questions
1) the above question about the virtual adapter and what that is.
2) It just so happens that the local network IPs of the network that I'm currently connecting from are all 192.168.2.* and the workplace is 192.168.1.*
Am I going to have conflict trouble if I try to connect from a local area network that has the same internal IP range? I'm very wary of the idea of changing the IP addresses of all the computers at the company to something less common, just because of unforeseen problems that may arise.
Top Expert 2013

1) In this case the virtual adapter is called the "Connect to Small Business Server connection".
2) As for having conflicts when users try to connect from sites with the 192.168.1.x subnet... in theory yes. The problem is routing devices direct packets based on subnets. If either end of the tunnel are the same the router doesn't know whether to keep the packets local or send to the remote site and they may be lost. I say in theory. The only case where similar subnets will sometimes work is with the Windows VPN and the client configured in its default state. There is an option in the Windows VPN client, to use the remote gateway, located:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | "Use default gateway on remote network"
If this is enabled, you can often connect with similar subnets. It is enabled by default. This protects the corporate network from local traffic, but also blocks users from connecting to local resources at the client site such as shared printers and local Internet access. It should be enabled but a lot of people don't like the restrictions and un-check it.

The only sure fire way to make the VPN work properly is to change the server side as you suggested. As a rule if you plan to use VPN's, avoid setting up your network with common subnets such as,,,, and
Should you plan to change the server, make sure you plan carefully, all static IPs for servers, printers and such must be changed, and all DHCP addresses refreshed. VERY important on SBS you use the wizard to change the IP, or many services such as SharePoint and web access features will stop working, if you do it manually.
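
The subnet conflict described in the answer above, as an added example that is not part of the original thread. It is a simplified two-route model using longest-prefix match (it ignores interface metrics and is not Windows's actual route selection); the /24 masks, the server address 192.168.1.10 and the function names are assumptions made for illustration.

```python
import ipaddress

def _net(text):
    # Accepts "192.168.1.0/24" or "192.168.1.7/255.255.255.0"; host bits are masked off.
    return ipaddress.ip_network(text, strict=False)

def check_vpn_subnets(client_lan, office_lan):
    """Classify the client's LAN against the office LAN behind the VPN."""
    client, office = _net(client_lan), _net(office_lan)
    if not client.overlaps(office):
        return "ok"
    return "identical" if client == office else "overlap"

def next_hop(dest, client_lan, office_lan):
    """Pick the route for dest by longest-prefix match.

    Two routes are modelled: the on-link client LAN ("local") and the
    office subnet through the tunnel ("vpn"). Equal prefixes that both
    match cannot be told apart, which is the lost-packet case.
    """
    addr = ipaddress.ip_address(dest)
    routes = [("local", _net(client_lan)), ("vpn", _net(office_lan))]
    matches = [(net.prefixlen, name) for name, net in routes if addr in net]
    if not matches:
        return "default"          # neither subnet: goes to the default gateway
    best = max(prefix for prefix, _ in matches)
    winners = [name for prefix, name in matches if prefix == best]
    return winners[0] if len(winners) == 1 else "ambiguous"

if __name__ == "__main__":
    office = "192.168.1.0/24"     # office LAN from the thread, /24 assumed
    server = "192.168.1.10"       # constructed address for the file server
    cases = [
        ("192.168.2.0/24", "home LAN from the thread"),
        ("192.168.1.0/24", "employee home LAN on the same subnet"),
        ("192.168.2.0/255.255.0.0", "home LAN with a wide mask"),
    ]
    for client, label in cases:
        print(f"{label}: subnets={check_vpn_subnets(client, office)}, "
              f"server via {next_hop(server, client, office)}")
```

In the wide-mask case the server is still reached through the tunnel, but any device on the home network that sits in 192.168.1.x is shadowed by the more specific VPN route.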


That is very very helpful. I'm still not thrilled about the changing of the IP subnets, especially since I have the SOHO3 sonicwall in use and some static ips out there. Any idea of an uncommon subnet that I could use if I do decide to go this route?

The only thing is that when I go to the Network Connections on my client computer and right click on "Connect to Small Business Server" the advanced tab doesn't have the TCP/IP properties. It just has the firewall settings, Internet Connection Sharing and Network setup wizard.

Remote Web Workplace is looking better and better.


I'm checking out remote web workplace because it just seems like a better solution.

I can log into the site but when I try to connect to the domain server desktop I get the error "Remote Desktop Diskconnected"

The client could not connect to the remote computer. Remote connections might not be enabled or the computer might be too busy to accept new connections...

I have port 4125 open on the firewall, as well as 443.

Any ideas?


diskconnected... I coined a new word there. I meant disconnected of course.
Top Expert 2013

>>"diskconnected"  :-)
I have always felt the inability to spell is a sign of true genius. I must be brilliant !  :-)

If you are able to connect to the RWW web site then the "Remote connections might not be enabled or the computer might be too busy to accept new connections..." usually indicates the Windows firewall on the workstation is blocking the connection (see #3). However check the following:

On the workstations:
1) if you haven't done so you need to enable remote desktop (actually do this before adjusting the firewall) My computer | properties | Remote| check - Allow users to connect remotely to this computer
2) on the same tab/page click "select remote users" add the user you want to allow to connect. Administrators are allowed by default, but any other users must be a member of the local machine's Remote Desktop Users Group.
3) See if the Windows firewall is enabled or not configured to allow connections. Either disable as a test or enable remote desktop connections ( control panel | windows firewall ). When you do the latter it usually only allows connections from the same site. You then have to highlight Remote Desktop in the firewall exceptions list | choose edit | highlight tcp 3389 | choose change scope | check "allow any computer including those from the Internet"
4) Verify the network adapter is not "asleep". Under device manager | properties for the network adapter | power management | "allow the computer to turn off this device to save power" make sure, if it exists, it is not checked/enabled

On the server:
5) Make sure the user is a member of the "Remote Web Workplace Users" group in the "security Groups" OU.


Great. Thanks for your help. I found that although the port was open in the firewall, I had not designated the IP of the "Public LAN Server"

Next step will be turning on a computer at the worksite and remoting into it.


I really appreciate the way you explain things. It is a huge help.
Top Expert 2013

You are very welcome mrmyth.
Thank you. Cheers,