VPN working except for mapped drives

Hello All,
Our office has a single Windows 2008 Server (Active Directory, PDC) and a VPN connection between office and remote office using two ZyXEL Prestige P662 routers.

VPN works well and is stable (e.g. FTP, RDP and HTTP via local IP addresses).

What doesn't work is mapping drives.  If I try to map a drive (using IP address of server) then it asks for a username/pwd.  I enter the administrator credentials and then it says Access is denied!  Doing the same when "on the LAN" works perfectly.  I've tried to interpret the logs but I am not sure what to look for.

Bottom line, I am having do all my file access via FTP.

Can someone point me in the right direction.  I can supply services start state, and log entries if required)

Office   IP address range is 192.168.1.0   /24.  
Remote IP address range is 192.168.68.0 /24.

Thanks.

C:\Program Files\Microsoft Visual Studio 9.0\VC>net use T: \\192.168.1.3\Projects
Enter the user name for '192.168.1.3': MYDOMAIN\Administrator
Enter the password for 192.168.1.3: (enter-my-password-here)
System error 5 has occurred.
 
Access is denied.

Open in new window

LVL 2
Chris WalshSoftware DeveloperAsked:
Who is Participating?
 
Chris WalshSoftware DeveloperAuthor Commented:
This problem no longer occurred for 3-4 months now.
In much the same way that I can't work out what caused it, I cannot work out what made it go away either.  The problem did exist constantly for a number of months however.

I don't know whether I can close this question and mark it "unsolved" (an X-File!).
0
 
lnkevinCommented:
Was the mentioned credential local administrator (of the destination machine)?

Try to enter the admin credential as the following format:
serverIP\administrator

K

0
 
lnkevinCommented:
Keep in my that your remote computer may or may not join to the domain. If you would like to use domain administrator credential, you have to join that remote PC to your domain. Once joined to the domain, you can login as domain\administrator

K
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
lnkevinCommented:
Correction: Keep in mind...

K
0
 
Chris WalshSoftware DeveloperAuthor Commented:
Thanks for your response Inkevin.  

1) The credentials "MYDOMAIN\Administrator" (in my example) represents the DOMAIN administrator account (and not the local computer's administrator account).

2) On the remote computer, I log in as MYDOMAIN\Chris.  It is also a member of MYDOMAIN\Administrators group on the domain.    I log in as MYDOMAIN\Chris (domain username) both when I am "in the office" and "at the remote location with the VPN link".  I never use the local computer user accounts.  MYDOMAIN\Chris and associated pwd have the same effect as using MYDOMAIN\Administrator; again when on the LAN in the office, the "net use" command doesn't ask for a username/pwd at all but uses your "currently logged in sid"

2b) My computer (WINDMILL) is a member of the domain also (Active Directory Users and Computers).  It's DNS name is windmill.mydomain.local, DC Type = Workstation or Server.  It is WinXP Pro with SP3 and kept up to date.  It is a member of Domain Computers (mydomain.local/Users)

2c) I can log in to the computer using my MYDOMAIN\Chris without a problem.  Outlook synchronises etc.  I can ping the remote LAN computers.

Hope this can help you help me home in on the problem!
0
 
lnkevinCommented:
Did you have DNS server entry in your VPN router?
In order to share resource via VPN, your DNS server IP need to be entered in VPN router.

Also, try to share the Projects folder and manually map it through windows before using net use.

K
0
 
Chris WalshSoftware DeveloperAuthor Commented:
Interesting.  I cannot get our server to resolve domain names for my remote computer.  As such, I have been using  hosts. file entries (we only have 3-4 computers and server is obviously static IP).

The exact same problem occurs however irrespective of whether I refer to the server in the NET USE command with IP address or DNS name (lookup in my hosts file).   In my example, I showed me using the IP address not the server domain name.

Are you saying that the DNS lookup facility HAS to be working in order for NET USE to work (and that hosts. file entries are not adequate)?

The Projects folder IS a File Share.  Works perfectly when I plug in on the LAN.  
What do you mean by "manually map [the Projects folder] through windows"? (do you mean using the user interface to do the mapping rather than NET USE cmd line?)

Add Network Place Wizard does exactly the same thing.  I enter "\\SERVERNAME\Projects" or "\\192.168.1.3\Projects", it asks for a username/password repeatedly and I have to cancel out.
0
 
Chris WalshSoftware DeveloperAuthor Commented:
I don't believe the me not having DNS services from the server to me remote machine is the cause of the problem.  All important domain names (on our VERY small network) are listed in my hosts file (on the remote machine) and are correct.
0
 
lnkevinCommented:
It may just be a permission set up in either the shared level or GPO/local policy that prevent the access from a remote computer. Please go through all Security Option under GPO and local policy to clear the condition. On the other hand, you can try to unshare and reshared the folder. I have seen things quirkly working after doing so. Also, just for testing, when it pops up a login prompt, instead of login with yourdomain\admin try to login with yourserverIP\local admin. I just want to clarify whether or not the issue is network related.

K
0
 
lnkevinCommented:
If it still doesn't work after you tried the following suggestion, the next step is getting screenshots of the following things:
- Shared folder Security tab. I would like to see all permission setup
- Permission on Share tab. I would like to check the everyone permission
- IP config /all of the remote PC

I have just overlooked something. This should be an easy fix.

K
0
 
Chris WalshSoftware DeveloperAuthor Commented:
Thanks inkevin,
I am away unti lTuesday.  I will look into your last two posts next week.  I think I have carefully checked File/Share Permissions but not checked GPO/Local Security Policies.  I will send my feedback next week.
Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.