  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5176

Mapped drive access through VPN-- cannot access files

I am having a problem accessing the shared drives off of our server through the VPN. The user logs into their machine, starts the VPN, re-syncs the machine so it's online, and clicks on the mapped drives. A window pops up asking for login username and password. The user then types in their domain name and password. A message pops up saying something similar to: that username is already logged in on the domain and cannot connect a second time, log in with a different username.

I can't seem to get past this window, which doesn't allow me to open any of the mapped drives.

Any suggestions?

One thing I have noted is that my CEO connects through the VPN on LAN line and not wireless. He can access all of his mapped drives with no problems. Could having a wireless connection have anything to do with this issue?

Note: I am able to ping both DCs and RDC on both too.
Asked:
stevensims
 
macentrap Commented:
Do the network you are trying to access and the place from where you are accessing it have the same IP address range?
Are they both similar, as in 192.168.0.X?

Go to the 'cmd' prompt and check using 'ipconfig'.

If yes, you have to change the IP settings of the place from which you are trying to access the VPN. Change the default gateway (on your router, if you are using that).
 
from_exp Commented:
What kind of wireless do you have? Is it a simple access point or a wireless router?
Where do you make VPN connections to?
 
stevensims (Author) Commented:
The user has a basic wireless router, a Linksys. The IP address is 192.168.1.100, router IP is 192.168.1.1. The VPN connection IP address is in the same range as what we have inside our company network, 10.10.XX.XX.

The VPN connections go directly to our DFL300 VPN. The DFL300 and all of our DCs are in the same building.
 
from_exp Commented:
Please show the exact error message from the event log.
Do users log on to the domain and then create the VPN, or do they log on locally and then VPN to the domain?
 
stevensims (Author) Commented:
I don't have the exact message at the moment, but I was the one that verified the message. Users are not local. They sign into their laptop with their domain username and password (these laptops are used on and offsite). The laptop gives them a message that the machine is offline. They then start the VPN. Once the VPN is connected they right-click the computer in the systray and select sync. The computer's status changes from offline to online. They then go to My Computer and click on one of their mapped drives (folder stored on DC1). A login window pops up. They enter their domain username and password. Press enter and another notification pops up saying that that username is already connected and cannot connect twice. Our user cannot get past this window and thus is not able to access the shared drives.
 
from_exp Commented:
It is strange, because if users are logged in with so-called cached credentials, then no additional authentication process is needed.
Looks like your PCs are not trusted by the DC any more; that's why they are asked to reauthenticate.
Is it possible to get the event log from the server when such a client is logging on?
 
stevensims (Author) Commented:
Weird thing is that if I bring the laptop to the company and log in, I have no problems at all. I can open any of the shared drives.

It has to be that the domain doesn't see the credentials of the person, so it assumes that the person hasn't logged in yet, thus a login window pops up. However, locally the machine knows it's on the domain or believes it's on the domain. When trying to open a shared drive, the local machine pops up the message that that username has already logged into the domain and needs a different login name, due to the domain rejecting the drive being opened.

I don't know if any of that makes sense. I will check the event viewer.
 
macentrap Commented:
Give this a try on the command line:

net use <Sharename>
http://www.ss64.com/nt/net_share.html

Does this work?
 
macentrap Commented:
You have a software firewall, like Norton Security; it could be blocking the allowance of network connections like File Sharing and NetBIOS (in Norton, found under Advanced Settings > Networking).

Try to disable that.
 
stevensims (Author) Commented:
Well, I do know that the user's machine that I used is using AVG antivirus. I also know that it's the personal edition and not the business version. I wonder if that could be causing the conflict.

However, in house this issue doesn't exist with AVG antivirus running.
 
from_exp Commented:
BTW, does your VPN allow NetBIOS and LDAP traffic?
 
stevensims (Author) Commented:
I am not for sure, to be honest. However, I know I can ping the DCs using both the IP address and their domain name. I would assume the NetBIOS part would be a yes. Not for sure about the LDAP part.

I had my user disable their antivirus application. It did not make a difference and they still got the login window for the shared drive.
 
from_exp Commented:
Hm... please verify that when you ping your DC from the LAN and from the VPN you get answers from the same IP.
What IP addresses do you use in the LAN and via the VPN?

Please don't hide IP addresses if they are private.
It looks like when you are on the VPN your PCs are knocking at a different server (maybe even with the same IP as yours) which is unaware of your users.
 
stevensims (Author) Commented:
Yes, I do get the same ping response.

Our servers are 10.10.47.4 and 10.10.47.5. If I ping either one of these on the VPN I get the FQDN listed and the IP address of the machine. I can also ping other workstations on the network. This is the same if I ping the DCs on the LAN.

Our primary DC is 10.10.47.4, secondary is 10.10.47.5.
 
from_exp Commented:
OK, in this case you should see logon attempts in the security event log of your server (successful or failed).
What about them?
 
stevensims (Author) Commented:
I looked through the event viewer:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            12/4/2007
Time:            2:23:44 PM
User:            NT AUTHORITY\SYSTEM
Computer:      DC1
Description:
Logon Failure:
       Reason:            An unexpected error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
 
from_exp Commented:
Here is what MS says about this:
http://support.microsoft.com/kb/318922
 
stevensims (Author) Commented:
Her workstation's time was off by 3.5 minutes. We set it to the same as the DC.

Afterwards we tried again.

After the user enters login credentials for the mapped drives, the following window pops up:

Unable to connect to DC1 users

multiple connections to a server or shared resources by the same user using more than one username are not allowed

disconnect all previous connection to the server and or shared resource and try again.

I then had her try to log into one of our file servers that isn't a DC.

user.name
domain password
Got the message: server password incorrect or username unknown

Tried a second time
user.name@domain.us
domain password

Got the multiple connections message above again.
 
stevensims (Author) Commented:
Another question.

Our setup
DC1 windows Server 2000
DC2 Windows Server 2003

I believe our time server is Server 2000. Would it be better to change it to the Server 2003 DC?

Just recently I found out that port 123 was closed. I have been updating the clocks on the Time server manually. I opened the port two days ago but the time server is still ahead of internet time by about 4 minutes.
 
from_exp Commented:
You should configure the time server on the client to update the clock automatically:
net time /domain:yourdomain /set
 
from_exp Commented:
From all the symptoms we have, it seems we're dealing exactly with the Kerberos auth process.
Time sync can be one of the reasons.
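Added example, not part of the thread or of any participant's post: it parses the Event 537 record pasted above and checks the clock offsets reported in the thread (3.5 and about 4 minutes) against the Kerberos clock tolerance. The 5-minute limit is the Windows default and is assumed unchanged in this domain; the function names and finding labels are hypothetical.

```python
# Constructed sample: the Event 537 record as pasted in the thread.
EVENT_TEXT = """\
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            12/4/2007
Time:            2:23:44 PM
User:            NT AUTHORITY\\SYSTEM
Computer:      DC1
Description:
Logon Failure:
       Reason:            An unexpected error occurred during logon
       User Name:
       Domain:
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
"""
MAX_SKEW_SECONDS = 5 * 60  # Windows default Kerberos tolerance (assumed unchanged)

def parse_event(text):
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so "Time" survives
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def skew_blocks_kerberos(offset_seconds, max_skew=MAX_SKEW_SECONDS):
    """True when the clock offset alone exceeds the Kerberos tolerance."""
    return abs(offset_seconds) > max_skew

def triage(fields, clock_offset_seconds):
    """Return short findings (hypothetical labels) for one failure-audit record."""
    findings = []
    if fields.get("Event ID") == "537" and fields.get("Authentication Package") == "Kerberos":
        findings.append("kerberos-logon-failure")
    if fields.get("Logon Type") == "3":  # type 3 = network logon, e.g. opening a share
        findings.append("network-logon")
    if not fields.get("User Name") and fields.get("Workstation Name") in ("", "-"):
        findings.append("record-names-no-account")  # correlate by timestamp instead
    over = skew_blocks_kerberos(clock_offset_seconds)
    findings.append("clock-skew-exceeds-tolerance" if over else "clock-skew-within-tolerance")
    return findings

if __name__ == "__main__":
    print(triage(parse_event(EVENT_TEXT), 3.5 * 60))  # offset reported in the thread
```

Both offsets mentioned in the thread fall inside the default tolerance, so the record has to be matched to a client by its timestamp rather than by account or workstation name.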
 
stevensims (Author) Commented:
I had her change her clock to almost the exact seconds as what is on the time server. So far we get the same multiple connections message regardless of the time change.
 
from_exp Commented:
Hi!
How far have you managed with your problem?
 
stevensims (Author) Commented:
Hi exp,

Still haven't gotten the Atomic.exe to work through my firewall. I have opened all ports that are needed by the application.

So far I have to manually update the domain clocks.
 
stevensims (Author) Commented:
Oh, and still having an issue with connecting to the domain through the VPN. I recently found out that we may have an AD Schema Master issue. Not for sure how big of a role that would play with this problem.
 
from_exp Commented:
Actually, AD problems can influence remote logon also. Please report back when you manage that problem.
 
stevensims (Author) Commented:
I think it is an AD issue. My SYSVOL isn't replicating, which may be due to AD being incorrect. One thing I have noticed was that when I log on remotely to DC2, my remote desktop connection will disconnect after a couple of minutes. However, I can ping DC1 and our app server. If I try pinging DC2 afterwards, it doesn't respond back. If I then remote into DC1, I can ping it from that machine with no problems. So there appears to be some issue with my VPN users and DC2. DC2 is also the Exchange server and the preferred DNS server.
 
from_exp Commented:
Hi!
I suppose you have to look for reasons in the event log to find the cause of the replication problems.
It is possible that you have problems with the VPN and due to them DC2 is unable to replicate with DC1.
 
stevensims (Author) Commented:
Yes, it was a replication/AD problem that caused VPN issues.

My PDC/Exchange Server was stuck in the Journal Wrap error, thus preventing it from being a suitable DC. Once I rebuilt the SYSVOL everything is working perfect.
 
from_exp Commented:
nice!
suppose you can close this q now