Solved

Share access on VPN

Posted on 2008-11-01
9
324 Views
Last Modified: 2010-04-21
I have setup a VPN to a network using AD for authentication. I can dial into the VPN fine.
I can ping all servers by ip and name
i can remote desktop the server

When I  attempt to connect to a share using \\servername\share from the run command the only thing I get is an authentication dialog but it will not connect to the share. I have tried all of the following combination username, server\username, domain\username, ip\username. it just returns back to the dialog box.

I have set the permissions on the share to the
VPN group,myusername (I am an enterprise admin), as well as the everyone group.
0
Comment
Question by:sti-tech
  • 5
  • 4
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22860004
Try adding the DNS suffix, such as MyDomain.local to the client's VPN adapter configuration under advanced TCP/IP properties on the DNS page/tab.
Also make sure the VPN client points to the internal DNS server IP, for DNS and not the ISP.
0
 

Author Comment

by:sti-tech
ID: 22861470
Robwill, Thanks for the possiblities. How do I make sure the client is getting the DNS IP and not the ISP. I am using DHCP to assign the client IP from the server but is still shows the ISP. Also will the subnet always be 255.255.255.255. My internal subnet is 255.255.255.128 and I didn't know if this mattered? I don't understand why I can remote desktop. I seemed like a permissions thing but DSN was suggested by a colleague but with no spicific way to tune.
Thanks,
sti-tech
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22861683
How is your VPN configured? i.e are you using the Windows VPN or a 3rd party router solution?

Assuming it is the Windows VPN; connect to the server using the VPN from the client machine and run  ipconfig  /all.
Under the PPP adapter configuration it will show the DNS server being used. If it is not your server the problem is 1 of 2 things:
1) if your are using a DHCP relay agent in the VPN configuration (another server or router) that device is handing out the ISP's DNS rather than your server, which is wrong not only just for the VPN but also the LAN clients.
2) if using DHCP within the RRAS configuration, or a static address pool, the VPN client gets it's DNS IP from the network adapter of the server. Again this should be the server itself, so it would seem it has the ISP's DNS rather than itself, which is wrong and can cause name resolution delays.

As for the subnet mask, it may seem odd but 255.255.255.255 is correct for the VPN client and the gateway will be the same as the virtual adapter's assigned DHCP address.
0
 

Author Comment

by:sti-tech
ID: 22863515
Robwill,
I tried your first suggestion to put the DNS suffix in the client settings (I am using the Windows client). The VPN would not connect - Error "691 Access denied because the username and/or password was invalid on the domain"

I also check my IP settings and it does returns the following
IP Address = private address from DHCP
subnet mask 255.255.255.255
Default gateway = same as adapter Ip address
DNS server = IP address of my internal DNS server
 Thanks for any help,
Sti-tech
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 22863548
Interesting. You would more often get the 691 error without the suffix. It is a domain I assume, and you are sure it is the correct suffix, and inserted as per the following link?
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg

The IP configuration looks good.

There are options such as the LMHosts file and such, But DNS is the better solution. The others can be reviewed on my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
 

Author Comment

by:sti-tech
ID: 22890676
RobWill, Well After working on this problem for some time I connected to the server via VPN on another machine and everything worked fine. I was able to see the share and move files around. So I have determined that the problem is with with my laptop. I have checked all of the setting, turned off firewall,  and still cannot see the share on my laptop. Any ideas on that.

Thanks a bunch for confirming all of the settings and the blog link. Great link I learned a lot.
Matt
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 125 total points
ID: 22891193
It is possible it is related to too high an MTU value, assuming you get the logon dialog box, and then get no further. Usually you can get to the share but not transfer a file. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1260, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
0
 

Author Closing Comment

by:sti-tech
ID: 31512321
Thanks for all of your help you have helped me expand my VPN knowledge to a more comfortable level.
mw
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22917701
Thanks sti-tech.
Cheers !
--Rob
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now