Solved

Mapped drive access through VPN-- cannot access files

Posted on 2007-12-04
Last Modified: 2010-08-05
I am having a problem accessing the shared drives off of our Server through the VPN. The user logs into their machine, starts the VPN, re-syncs the machine so it's online, and clicks on the mapped drives. A window pops up asking for log in username and password. The user then types in their domain name and password. A message pops up saying something similar to that username is already logged in on the Domain and cannot connect a second time, log in with a different username.

I can't seem to get past this window, which doesn't allow me to open any of the mapped drives.

Any suggestions?

One thing I have noted is that my CEO connects through the VPN on LAN line and not wireless. He can access all of his mapped drives with no problems. Could having a wireless connection have anything to do with this issue?

Note: I am able to ping both DC's and RDC on both too.
0
Question by:stevensims
30 Comments
 
LVL 7

Expert Comment

by:macentrap
ID: 20405391
Do the network you are trying to access and the place from where you are accessing it have the same IP address?
Are they both similar, as in 192.168.0.X?

Go to the 'cmd' prompt and check using 'ipconfig'.

If yes, you have to change the IP settings from which you are trying to access the VPN. Change the default gateway (on your router, if you are using one).
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20405411
What kind of wireless do you have? Is it a simple access point or a wireless router?
Where do you make VPN connections to?
0
 
LVL 1

Author Comment

by:stevensims
ID: 20405744
The user has a basic wireless router, a Linksys. The IP address is 192.168.1.100, Router IP is 192.168.1.1. The VPN connection IP address is in the same range as what we have inside our company network 10.10.XX.XX.

The VPN connections go directly to our DFL300 VPN. The DFL300 and all of our DC's are in the same building.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20405896
Please show the exact error message from the event log.
Do users log on to the domain and then create the VPN, or do they log on locally and then VPN to the domain?
0
 
LVL 1

Author Comment

by:stevensims
ID: 20406758
I don't have the exact message at the moment, but I was the one that verified the message. Users are not local. They sign into their laptop with their domain username and password (these laptops are used on and offsite). The laptop gives them a message that the machine is offline. They then start the VPN. Once the VPN is connected they right click the computer in the systray and select sync. The computer's status changes from offline to online. They then go to My Computer and click on one of their Mapped drives (folder stored on DC1). A login window pops up. They enter their domain username and password. Press enter and another notification pops up saying that that username is already connected and cannot connect twice. Our user cannot get past this window and thus is not able to access the shared drives.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20406959
It is strange, because if users are logged in with so-called cached credentials, then no additional authentication process is needed.
It looks like your PCs are not trusted by the DC any more; that's why they are asked to reauthenticate.
Is it possible to get the event log from the server when such a client is logging on?
0
 
LVL 1

Author Comment

by:stevensims
ID: 20407257
Weird thing is that if I bring the laptop to the company and log in, I have no problems at all. I can open any of the shared drives.

It has to be that the domain doesn't see the credentials of the person, so it assumes that the person hasn't logged in yet, thus a log in window pops up. However, locally the machine knows it's on the domain or believes it's on the domain. When trying to open a shared drive the local machine pops up the message that that username has already logged into the domain and needs a different log in name due to the domain rejecting the drive being open.

I don't know if any of that makes sense. I will check the event viewer.
0
 
LVL 7

Expert Comment

by:macentrap
ID: 20407309
Give this a try on the command line:

net use <Sharename>
http://www.ss64.com/nt/net_share.html

Does this work?
0
 
LVL 7

Expert Comment

by:macentrap
ID: 20407334
If you have a software firewall, like Norton Security, it could be blocking the allowance of network connections like File Sharing and NetBios (in Norton, found under Advanced Settings > Networking).

Try to disable that.
0
 
LVL 1

Author Comment

by:stevensims
ID: 20407456
Well, I do know that the user's machine that I used is using AVG antivirus. I also know that it's the personal edition and not the business version. I wonder if that could be causing the conflict.

However, in house this issue doesn't exist with AVG antivirus running.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20407480
btw, does your vpn allow netbios and ldap traffic?
0
 
LVL 1

Author Comment

by:stevensims
ID: 20412700
I am not for sure to be honest. However, I know I can ping the DC's using both the IP address and their Domain name. I would assume the NetBios part would be a yes. Not for sure about the LDAP part.

I had my user disable their antivirus application. It did not make a difference and they still got the login window for the shared drive.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20412753
Hm... please verify that when you ping your DC from the LAN and from the VPN you get answers from the same IP.
What IP addresses do you use in the LAN and via the VPN?

Please don't hide IP addresses if they are private.
It looks like when you are on the VPN your PCs are knocking on a different server (maybe even with the same IP as yours) which is unaware of your users.
0
 
LVL 1

Author Comment

by:stevensims
ID: 20413109
Yes I do get the same ping response.

Our Servers are 10.10.47.4 and 10.10.47.5. If I ping either one of these on the VPN I get the FQDN listed and the IP address of the machine. I can also ping other workstations on the network. This is the same if I ping the DC's on the LAN.

Our primary DC is 10.10.47.4 secondary is 10.10.47.5
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20413150
OK, in this case you should see logon attempts in the security event log of your server (successful or failed).
What about them?
0

 
LVL 1

Author Comment

by:stevensims
ID: 20413520
I looked through the event viewer:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            12/4/2007
Time:            2:23:44 PM
User:            NT AUTHORITY\SYSTEM
Computer:      DC1
Description:
Logon Failure:
       Reason:            An unexpected error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20413589
here is what ms says about this:
http://support.microsoft.com/kb/318922
0
 
LVL 1

Author Comment

by:stevensims
ID: 20413928
Her workstation's time was off by 3.5 minutes. We set it to the same as the DC.

Afterwards we tried again.

After the user enters log in credentials for the mapped drives the following window pops up:

Unable to connect to DC1 users

multiple connections to a server or shared resources by the same user using more than one username are not allowed

disconnect all previous connection to the server and or shared resource and try again.

I then had her try to log into one of our file servers that isn't a DC.

user.name
domain password
Got the message server password incorrect or username unknown

Tried a second time
user.name@domain.us
domain password

Got the multiple connections message above again.





0
 
LVL 1

Author Comment

by:stevensims
ID: 20414067
Another question.

Our setup
DC1 windows Server 2000
DC2 Windows Server 2003

I believe our time server is Server 2000. Would it be better to change it to the Server 2003 DC?

Just recently I found out that port 123 was closed. I have been updating the clocks on the Time server manually. I opened the port two days ago but the time server is still ahead of internet time by about 4 minutes.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20414130
You should configure the time server on the client to update the clock automatically:
net time /domain:yourdomain /set
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20414140
From all the symptoms we have, it seems we're dealing exactly with the Kerberos auth process.
Time sync can be one of the reasons.
0
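Added example, not part of the thread: a small Python triage of the event 537 text posted above, checked against the default 5-minute Kerberos clock-skew tolerance in a Windows domain. The function names, the abbreviated sample string and the skew argument are constructed for illustration.

```python
import re
from datetime import timedelta

# Default Kerberos clock-skew tolerance in a Windows domain (5 minutes).
MAX_SKEW = timedelta(minutes=5)

# Constructed sample: abbreviated copy of the event text pasted in the thread.
SAMPLE_EVENT = """\
Event Type:      Failure Audit
Event ID:      537
Date:            12/4/2007
Time:            2:23:44 PM
Computer:      DC1
Logon Failure:
       Reason:            An unexpected error occurred during logon
       User Name:
       Domain:
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
"""


def parse_event(text):
    """Turn the 'Key: value' lines of an Event Viewer text export into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def triage(fields, client_skew=None):
    """Findings for a failed Kerberos logon (event 537); empty list otherwise."""
    if fields.get("Event ID") != "537" or fields.get("Logon Process") != "Kerberos":
        return []
    findings = ["Kerberos logon failure, logon type " + fields.get("Logon Type", "?")]
    if not fields.get("User Name"):
        findings.append("user name blank: correlate with the client by time, not account")
    if client_skew is not None:
        if abs(client_skew) > MAX_SKEW:
            findings.append("clock skew exceeds Kerberos tolerance")
        else:
            findings.append("clock skew within Kerberos tolerance: look for another cause")
    return findings
```

Calling `triage(parse_event(SAMPLE_EVENT), timedelta(minutes=3, seconds=30))` uses the 3.5-minute offset reported in the thread and returns the "within tolerance" finding.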
 
LVL 1

Author Comment

by:stevensims
ID: 20415250
I had her change her clock to almost the exact seconds as what is on the time server. So far we get the same multiple connections message regardless of the time change.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20608405
Hi!
How far have you managed with your problem?
0
 
LVL 1

Author Comment

by:stevensims
ID: 20632661
Hi exp,

Still haven't gotten the Atomic.exe to work through my firewall. I have opened all ports that are needed by the application.

So far I have to manually update the Domain clocks.
0
 
LVL 1

Author Comment

by:stevensims
ID: 20632679
Oh, and still having an issue with connecting to the domain through the VPN. I recently found out that we may have an AD Schema Master issue. Not for sure how big of a role that would play with this problem.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20634585
Actually, AD problems can influence remote logon also. Please report back when you manage that problem.
0
 
LVL 1

Author Comment

by:stevensims
ID: 20934247
I think it is an AD issue. My sysvol isn't replicating, which may be due to AD being incorrect. One thing I have noticed was when I log on remotely to DC2 my remote desktop connection will disconnect after a couple of minutes. However, I can ping DC1 and our app server. If I try pinging DC2 afterwards it doesn't respond back. If I then Remote into DC1 I can ping it from that machine with no problems. So there appears to be some issue with my VPN users and DC2. DC2 is also the exchange server and the preferred DNS server.
0
 
LVL 21

Accepted Solution

by:
from_exp earned 125 total points
ID: 20935506
Hi!
I suppose you have to look for reasons in the event log to find the cause of the replication problems.
It is possible that you have problems with the VPN and due to them DC2 is unable to replicate with DC1.
0
 
LVL 1

Author Comment

by:stevensims
ID: 20977255
Yes it was a replication/AD problem that caused VPN issues.

My PDC/Exchange Server was stuck in the Journal Wrap error, thus preventing it from being a suitable DC. Once I rebuilt the SYSVOL everything is working perfectly.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20977294
Nice!
Suppose you can close this question now.
0
