Solved

Users unable to view contents of shared folders over VPN

Posted on 2008-06-18
Last Modified: 2010-04-12
We are piloting a PIX 520 VPN solution for our main office.  We currently use an open sourced VPN which has been solid, but has security holes and occasional hiccups.  One particular problem we are having with the PIX 520 is when users connect, they are able to access the shared drives, but unable to view the folder contents.  The PIX 520 authenticates against AD which sits on a Windows 2003 Standard server.  

One strange twist, when I logged in using the administrators account, I was able to access and view all folder contents.  But when logging in using my credentials (with domain admin privileges) I'm unable to view the contents of the shared folders.

I've flushed the DNS cache on my machine, but I don't think it's a DNS issue after the success I had with the administrators account.

Any ideas?
Question by:mcokely01844
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21814601
My standard troubleshooting method on that, after checking rights issues in the Windows PC and server and PC & server event logs for clues, is to start combing the firewall logs for any items that go between the remote PC and the server, or the remote PC's NAT address it gets through the VPN and the server. Is there anything in your file share server limiting what IP addresses can use shares? And does the server have a route back to the firewall terminating the VPN containing both the local segment and the VPN users' NAT addresses? With a PIX it's important to remember that traffic can only go one way through an interface, meaning you can't go in and then back out the same interface with a flow.

Failing all that, I'm a huge fan of the Sniffer. If you don't have a real Sniffer, you can use Ethereal or Wireshark, or even the PIX's own capture function, to capture the traffic on the wire that is working using your admin user, and compare it to the non-working other users' traffic. Find the difference, and you've basically found what to change to fix your problem.

With your case of the admin user working and other users not working, it REALLY feels like a rights issue... you would see stuff in the trace coming from the server responding to user requests denying a connection or something.

 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21892191
Any luck?
 

Author Comment

by:mcokely01844
ID: 21955885
I haven't been able to mess with it lately due to a birth in my family.

Here's an update... We think the problem has to do with NetBios. The shared drives sit on the primary domain controller, which is also the IAS. However, when connected via VPN (PIX) we are unable using our individual AD logons to access the shared resources. When connected we can ping the server by IP, but can't ping it using the short NetBios name. This is where it gets strange. We can ping the server using the netbios.domain.local address. I went into the PIX and specified the domain as domain.local. This didn't resolve the issue.

What I don't get is how the IAS policy for the PIX is set up for all domain users to have access, yet only the administrator can access the shared resources on the domain controller.

One other thing that has been brought to my attention is that the domain controller is no longer visible in the network places.

Any more ideas?
 

Accepted Solution

by:mcokely01844
ID: 21958245
I actually reread my comment and figured it out. If the Netbios name is resolving, but the DNS name isn't, then it has to be a DNS issue. So I went into DNS and noticed that for some strange reason (could be our security software) the DC's pointer record was gone. I recreated the record, waited for DNS to update, and shortly after the DC appeared in the network.

When I got home I logged into the VPN and accessed the shared drives without issue.

Thanks for the help.
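
A missing pointer record like the one found in this thread can be caught by comparing forward and reverse records. The following is an added example, not part of the original thread: it audits a set of records for A entries whose PTR is missing or points at a different host. The host names, addresses and the simplified "name TYPE value" record format are constructed for illustration.

```python
import ipaddress

# Constructed sample records in a simplified "name TYPE value" form
# (hypothetical hosts; not the output format of any particular DNS tool).
SAMPLE_RECORDS = """\
dc01.domain.local.          A    192.168.1.10
fs01.domain.local.          A    192.168.1.11
app01.domain.local.         A    192.168.1.12
11.1.168.192.in-addr.arpa.  PTR  fs01.domain.local.
12.1.168.192.in-addr.arpa.  PTR  oldapp.domain.local.
"""


def parse_records(text):
    """Split record lines into forward (A) and reverse (PTR) lookup tables."""
    forward, reverse = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = fields
        name = name.rstrip(".").lower()
        if rtype.upper() == "A":
            forward[name] = ipaddress.ip_address(value)
        elif rtype.upper() == "PTR":
            reverse[name] = value.rstrip(".").lower()
    return forward, reverse


def audit_ptr(text):
    """Return (host, ip, problem) for every A record whose PTR is missing or wrong."""
    forward, reverse = parse_records(text)
    findings = []
    for host, ip in sorted(forward.items()):
        # reverse_pointer yields e.g. "10.1.168.192.in-addr.arpa" for 192.168.1.10
        target = reverse.get(ip.reverse_pointer)
        if target is None:
            findings.append((host, str(ip), "missing PTR"))
        elif target != host:
            findings.append((host, str(ip), f"PTR points to {target}"))
    return findings


if __name__ == "__main__":
    for host, ip, problem in audit_ptr(SAMPLE_RECORDS):
        print(f"{host} ({ip}): {problem}")
```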

