Solved

Users unable to view contents of shared folders over VPN

Posted on 2008-06-18
4
396 Views
Last Modified: 2010-04-12
We are piloting a PIX 520 VPN solution for our main office. We currently use an open-source VPN which has been solid, but has security holes and occasional hiccups. One particular problem we are having with the PIX 520 is when users connect, they are able to access the shared drives, but unable to view the folder contents. The PIX 520 authenticates against AD which sits on a Windows 2003 Standard server.

One strange twist: when I logged in using the administrator's account, I was able to access and view all folder contents. But when logging in using my credentials (with domain admin privileges) I'm unable to view the contents of the shared folders.

I've flushed the DNS cache on my machine, but I don't think it's a DNS issue after the success I had with the administrator's account.

Any ideas?
Question by:mcokely01844
4 Comments
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21814601
My standard troubleshooting method on that, after checking rights issues on the Windows PC and server and the PC and server event logs for clues, is to start combing the firewall logs for any items that go between the remote PC and the server, or between the remote PC's NAT address it gets through the VPN and the server. Is there anything in your file share server limiting what IP addresses can use shares? And does the server have a route back to the firewall terminating the VPN containing both the local segment and the VPN users' NAT addresses? With a PIX it's important to remember that traffic can only go one way through an interface, meaning you can't go in and then back out the same interface with a flow.

Failing all that, I'm a huge fan of the Sniffer. If you don't have a real Sniffer, you can use Ethereal or Wireshark, or even the PIX's own capture function, to capture the traffic on the wire that is working using your admin user, and compare it to the non-working other user's traffic. Find the difference, and you've basically found what to change to fix your problem.

With your case of the admin user working and other users not working, it REALLY feels like a rights issue... you would see stuff in the trace coming from the server responding to user requests denying a connection or something.

0
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21892191
Any luck?
0
 

Author Comment

by:mcokely01844
ID: 21955885
I haven't been able to mess with it lately due to a birth in my family.

Here's an update... We think the problem has to do with NetBIOS. The shared drives sit on the primary domain controller, which is also the IAS. However, when connected via VPN (PIX) we are unable to access the shared resources using our individual AD logons. When connected we can ping the server by IP, but can't ping it using the short NetBIOS name. This is where it gets strange. We can ping the server using the netbios.domain.local address. I went into the PIX and specified the domain as domain.local. This didn't resolve the issue.

What I don't get is how the IAS policy for the PIX is set up for all domain users to have access, yet only the administrator can access the shared resources on the domain controller.

One other thing that has been brought to my attention is that the domain controller is no longer visible in the network places.

Any more ideas?
0
 

Accepted Solution

by:
mcokely01844 earned 0 total points
ID: 21958245
I actually reread my comment and figured it out. If the NetBIOS name is resolving, but the DNS name isn't, then it has to be a DNS issue. So I went into DNS and noticed that for some strange reason (could be our security software) the DC's pointer record was gone. I recreated the record, waited for DNS to update, and shortly after, the DC appeared in the network.

When I got home I logged into the VPN and accessed the shared drives without issue.

Thanks for the help.


0
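The accepted fix came down to a missing pointer (PTR) record for the DC, which a forward-confirmed reverse DNS check would flag directly. The script below is an added example, not part of the original thread: the host names `dc1.domain.local` and `fs1.domain.local`, the addresses, and the sample records are constructed, and the resolver functions are injectable so the check can run offline against them.

```python
import socket

def forward(name):
    """IPv4 addresses for name via the system resolver (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:          # gaierror is a subclass of OSError
        return set()

def reverse(ip):
    """PTR name for ip via the system resolver, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:          # herror / gaierror are subclasses of OSError
        return None

def audit(name, fwd=forward, rev=reverse):
    """Classify forward/reverse consistency for one host name."""
    name = name.lower().rstrip(".")
    ips = fwd(name)
    if not ips:
        return [(None, "NO_A_RECORD")]
    findings = []
    for ip in sorted(ips):
        ptr = rev(ip)
        if ptr is None:
            findings.append((ip, "MISSING_PTR"))       # the state described in the thread
        elif ptr != name:
            findings.append((ip, "PTR_MISMATCH:" + ptr))
        else:
            findings.append((ip, "OK"))
    return findings

# Constructed records: the DC has an A record but its PTR record is gone.
SAMPLE_A = {"dc1.domain.local": {"192.0.2.10"},
            "fs1.domain.local": {"192.0.2.20"}}
SAMPLE_PTR = {"192.0.2.20": "fs1.domain.local"}

def audit_sample(name):
    """Run the audit against the constructed records instead of live DNS."""
    return audit(name, fwd=lambda n: SAMPLE_A.get(n, set()), rev=SAMPLE_PTR.get)

if __name__ == "__main__":
    for host in ("dc1.domain.local", "fs1.domain.local"):
        print(host, audit_sample(host))
```

Calling `audit("your-dc-fqdn")` without the sample resolvers queries the machine's configured resolver, which may also consult the local hosts file.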


Question has a verified solution.
