  • Status: Solved

Unable to connect to DFS Namespaces with Small Business Server PPTP VPN

Hi Folks,

We have a perfectly functioning and replicating namespace that is accessible fine from inside the network and all sites. We have three sites: head office with a SBS2003R2 Box and a W2K3R2 Box (Namespace server1), site 2 with a W2K3R2 Box (Namespace server2), and site 3 with a W2K3R3 Box (Namespace server3).

When a remote user connects to the network using the "connect to small business server" tool (PPTP VPN), all of the mapped drives which resolve to the namespace are visible but cannot be accessed by the user.

I'm wondering if required ports are being blocked in the SBS (RRAS) firewall.

Network Ports Used by DFS:

NetBIOS Name Service - 137
NetBIOS Datagram Service - 138
NetBIOS Session Service - 139
LDAP Server - 389
Remote Procedure Call (RPC) endpoint mapper - 135
Server Message Block (SMB) - 445
 
Any other ideas?  Anyone seen this before??
Asked by: mevels
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Ports shouldn't be blocked since VPN has free rein in the connected network.

Check your Gateway settings for the PPTP connection on the client doing the connecting. It may be set to use Gateway on Remote Network.
  VPN Properties --> TCP/IP --> Properties --> Advanced --> IP.

Also, make sure the mapped drives are FQDN:
 \\mysbsserver.mysbsdomain.local\sharename
 \\Siteserver.mysbsdomain.local\sharename

Philip
 
Rob Williams Commented:
>>"I'm wondering if required ports are being blocked in the SBS (RRAS) firewall"
When you enable RRAS it disables the windows firewall. You can verify by clicking on Windows firewall in control panel. You will get an ipnat error.

There is also a basic NAT firewall (no port blockage) within RRAS itself. If you configured RRAS with the "configure remote access" wizard this should not be present or enabled. You can verify by opening the RRAS console and under IP routing, you should NOT see NAT/basic firewall. If you do, you can right click on it and choose delete.

As for the VPN itself, its purpose is to allow all traffic on all ports within the tunnel.

Can you access a typical server share perhaps by IP such as \\192.168.123.123\ShareName ?
If not, a common problem with VPNs is the MTU value. If too high you can often see a folder but not browse its contents or if you can see the contents, not copy files. See the following regarding MTU values. It may be related to your problem.

Dropped connections, ability to download files, or even browse folders can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, its local router. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
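
Added example (not part of Rob Williams's post or the linked pages): a don't-fragment ping probe that binary-searches the largest ICMP payload a path carries and adds the 28 bytes of IPv4 and ICMP headers to give the MTU. The function names are made up for this example, the flags are those of Windows `ping.exe`, and the demo runs against a constructed simulated link so it works offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_ping(host):
    """Return a probe(size) that sends one don't-fragment echo via Windows ping.exe."""
    def probe(size):
        # -f sets Don't Fragment, -l is payload bytes, -n 1 sends one echo, -w is timeout (ms)
        out = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", "-w", "2000", host],
            capture_output=True, text=True).stdout
        # A real echo reply line carries "TTL="; fragmentation errors and timeouts do not
        return "TTL=" in out
    return probe


def largest_df_payload(probe, low=500, high=1472):
    """Binary-search the largest payload that passes with DF set; None if `low` fails."""
    if not probe(low):
        return None  # not a size problem here: host down, ICMP filtered, or routing
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # mid fits, search upward
        else:
            high = mid - 1  # mid was dropped, search downward
    return low


def path_mtu(probe):
    """Largest passing payload plus header overhead, or None if nothing passed."""
    payload = largest_df_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a link: passes only packets that fit in `mtu`."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Constructed demo. On a connected VPN client, pass windows_df_ping("192.168.123.123")
    # (the sample address from the post) instead of the simulated link.
    print(path_mtu(simulated_path(1400)))
```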
 
Rob Williams Commented:
Hi Philip. mevels waits 14 hours for a reply and then two 1 minute apart  :-)
--Rob