Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Share access on VPN

Posted on 2008-11-01
9
326 Views
Last Modified: 2010-04-21
I have setup a VPN to a network using AD for authentication. I can dial into the VPN fine.
I can ping all servers by ip and name
i can remote desktop the server

When I  attempt to connect to a share using \\servername\share from the run command the only thing I get is an authentication dialog but it will not connect to the share. I have tried all of the following combination username, server\username, domain\username, ip\username. it just returns back to the dialog box.

I have set the permissions on the share to the
VPN group,myusername (I am an enterprise admin), as well as the everyone group.
0
Comment
Question by:sti-tech
  • 5
  • 4
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22860004
Try adding the DNS suffix, such as MyDomain.local to the client's VPN adapter configuration under advanced TCP/IP properties on the DNS page/tab.
Also make sure the VPN client points to the internal DNS server IP, for DNS and not the ISP.
0
 

Author Comment

by:sti-tech
ID: 22861470
Robwill, Thanks for the possiblities. How do I make sure the client is getting the DNS IP and not the ISP. I am using DHCP to assign the client IP from the server but is still shows the ISP. Also will the subnet always be 255.255.255.255. My internal subnet is 255.255.255.128 and I didn't know if this mattered? I don't understand why I can remote desktop. I seemed like a permissions thing but DSN was suggested by a colleague but with no spicific way to tune.
Thanks,
sti-tech
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22861683
How is your VPN configured? i.e are you using the Windows VPN or a 3rd party router solution?

Assuming it is the Windows VPN; connect to the server using the VPN from the client machine and run  ipconfig  /all.
Under the PPP adapter configuration it will show the DNS server being used. If it is not your server the problem is 1 of 2 things:
1) if your are using a DHCP relay agent in the VPN configuration (another server or router) that device is handing out the ISP's DNS rather than your server, which is wrong not only just for the VPN but also the LAN clients.
2) if using DHCP within the RRAS configuration, or a static address pool, the VPN client gets it's DNS IP from the network adapter of the server. Again this should be the server itself, so it would seem it has the ISP's DNS rather than itself, which is wrong and can cause name resolution delays.

As for the subnet mask, it may seem odd but 255.255.255.255 is correct for the VPN client and the gateway will be the same as the virtual adapter's assigned DHCP address.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 

Author Comment

by:sti-tech
ID: 22863515
Robwill,
I tried your first suggestion to put the DNS suffix in the client settings (I am using the Windows client). The VPN would not connect - Error "691 Access denied because the username and/or password was invalid on the domain"

I also check my IP settings and it does returns the following
IP Address = private address from DHCP
subnet mask 255.255.255.255
Default gateway = same as adapter Ip address
DNS server = IP address of my internal DNS server
 Thanks for any help,
Sti-tech
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22863548
Interesting. You would more often get the 691 error without the suffix. It is a domain I assume, and you are sure it is the correct suffix, and inserted as per the following link?
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg

The IP configuration looks good.

There are options such as the LMHosts file and such, But DNS is the better solution. The others can be reviewed on my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
 

Author Comment

by:sti-tech
ID: 22890676
RobWill, Well After working on this problem for some time I connected to the server via VPN on another machine and everything worked fine. I was able to see the share and move files around. So I have determined that the problem is with with my laptop. I have checked all of the setting, turned off firewall,  and still cannot see the share on my laptop. Any ideas on that.

Thanks a bunch for confirming all of the settings and the blog link. Great link I learned a lot.
Matt
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 125 total points
ID: 22891193
It is possible it is related to too high an MTU value, assuming you get the logon dialog box, and then get no further. Usually you can get to the share but not transfer a file. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1260, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
0
 

Author Closing Comment

by:sti-tech
ID: 31512321
Thanks for all of your help you have helped me expand my VPN knowledge to a more comfortable level.
mw
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22917701
Thanks sti-tech.
Cheers !
--Rob
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access shared drive during VPN session 9 111
Available cert SBS2008 for L2TP /IPSec 4 63
DNS Server 7 59
SQL Server Connection String through a VPN 8 55
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question