Solved

Users unable to view contents of shared folders over VPN

Posted on 2008-06-18
Last Modified: 2010-04-12
We are piloting a PIX 520 VPN solution for our main office. We currently use an open source VPN which has been solid, but has security holes and occasional hiccups. One particular problem we are having with the PIX 520 is when users connect, they are able to access the shared drives, but unable to view the folder contents. The PIX 520 authenticates against AD which sits on a Windows 2003 Standard server.

One strange twist: when I logged in using the administrator's account, I was able to access and view all folder contents. But when logging in using my credentials (with domain admin privileges) I'm unable to view the contents of the shared folders.

I've flushed the DNS cache on my machine, but I don't think it's a DNS issue after the success I had with the administrator's account.

Any ideas?
Question by:mcokely01844
4 Comments
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21814601
My standard troubleshooting method on that, after checking rights issues in the Windows PC and server and PC & server event logs for clues, is to start combing the firewall logs for any items that go between the remote PC and the server, or the remote PC's NAT address it gets through the VPN and the server. Is there anything in your file share server limiting what IP addresses can use shares? And does the server have a route back to the firewall terminating the VPN containing both the local segment and the VPN users' NAT addresses? With a PIX it's important to remember that traffic can only go one way through an interface, meaning you can't go in and then back out the same interface with a flow.

Failing all that, I'm a huge fan of the Sniffer. If you don't have a real Sniffer, you can use Ethereal or Wireshark, or even the PIX's own capture function, to capture the traffic on the wire that is working using your admin user, and compare it to the non-working other users' traffic. Find the difference, and you've basically found what to change to fix your problem.

With your case of the admin user working and other users not working, it REALLY feels like a rights issue... you would see stuff in the trace coming from the server responding to user requests denying a connection or something.

 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 21892191
Any luck?
 

Author Comment

by:mcokely01844
ID: 21955885
I haven't been able to mess with it lately due to a birth in my family.

Here's an update... We think the problem has to do with NetBIOS. The shared drives sit on the primary domain controller, which is also the IAS. However, when connected via VPN (PIX) we are unable using our individual AD logons to access the shared resources. When connected we can ping the server by IP, but can't ping it using the short NetBIOS name. This is where it gets strange. We can ping the server using the netbios.domain.local address. I went into the PIX and specified the domain as domain.local. This didn't resolve the issue.

What I don't get is how the IAS policy for the PIX is set up for all domain users to have access, yet only the administrator can access the shared resources on the domain controller.

One other thing that has been brought to my attention is that the domain controller is no longer visible in the network places.

Any more ideas?
 

Accepted Solution

by:mcokely01844
ID: 21958245
I actually reread my comment and figured it out. If the NetBIOS name is resolving, but the DNS name isn't, then it has to be a DNS issue. So I went into DNS and noticed that for some strange reason (could be our security software) the DC's pointer record was gone. I recreated the record, waited for DNS to update, and shortly after the DC appeared in the network.

When I got home I logged into the VPN and accessed the shared drives without issue.

Thanks for the help.
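
The name-resolution checks discussed in this thread (short name, fully qualified name, pointer record) can be run as one audit; the following is an added example, not part of the original posts. The host names `dc01` and `fs01`, the 10.0.0.x addresses and the sample zone data are constructed; only the `domain.local` suffix comes from the thread.

```python
import socket

def system_forward(name):
    """Return the set of IPv4 addresses the OS resolver gives for name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:          # gaierror/herror: name not found
        return set()

def system_reverse(ip):
    """Return the PTR name for ip in lower case, or None if no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0].lower()
    except OSError:
        return None

def audit(names, dns_suffix, forward=system_forward, reverse=system_reverse):
    """Check short name, FQDN and PTR for each host; return {host: [problems]}."""
    report = {}
    for short in names:
        fqdn = f"{short}.{dns_suffix}".lower()
        problems = []
        fqdn_ips = forward(fqdn)
        if not fqdn_ips:
            problems.append("fqdn does not resolve")
        if not forward(short):
            problems.append("short name does not resolve")
        for ip in sorted(fqdn_ips):
            ptr = reverse(ip)
            if ptr is None:
                problems.append(f"no PTR for {ip}")
            elif ptr.rstrip(".") != fqdn:
                problems.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
        report[short] = problems
    return report

# Constructed sample data standing in for a DNS zone (not from the thread):
# dc01 has an A record but no PTR and no short-name resolution; fs01 is healthy.
SAMPLE_A = {"dc01.domain.local": {"10.0.0.10"},
            "fs01.domain.local": {"10.0.0.20"}, "fs01": {"10.0.0.20"}}
SAMPLE_PTR = {"10.0.0.20": "fs01.domain.local"}

def sample_report():
    """Run the audit against the constructed zone data instead of live DNS."""
    return audit(["dc01", "fs01"], "domain.local",
                 forward=lambda n: SAMPLE_A.get(n.lower(), set()),
                 reverse=lambda ip: SAMPLE_PTR.get(ip))

if __name__ == "__main__":
    for host, problems in sample_report().items():
        print(host, "OK" if not problems else "; ".join(problems))
```

Calling `audit()` without the `forward` and `reverse` arguments uses the operating system resolver, so running it from a VPN-connected client shows what that client actually resolves.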

