?
Solved

VPN working except for mapped drives

Posted on 2009-02-18
11
Medium Priority
?
339 Views
Last Modified: 2013-11-12
Hello All,
Our office has a single Windows 2008 Server (Active Directory, PDC) and a VPN connection between office and remote office using two ZyXEL Prestige P662 routers.

VPN works well and is stable (e.g. FTP, RDP and HTTP via local IP addresses).

What doesn't work is mapping drives.  If I try to map a drive (using IP address of server) then it asks for a username/pwd.  I enter the administrator credentials and then it says Access is denied!  Doing the same when "on the LAN" works perfectly.  I've tried to interpret the logs but I am not sure what to look for.

Bottom line, I am having do all my file access via FTP.

Can someone point me in the right direction.  I can supply services start state, and log entries if required)

Office   IP address range is 192.168.1.0   /24.  
Remote IP address range is 192.168.68.0 /24.

Thanks.

C:\Program Files\Microsoft Visual Studio 9.0\VC>net use T: \\192.168.1.3\Projects
Enter the user name for '192.168.1.3': MYDOMAIN\Administrator
Enter the password for 192.168.1.3: (enter-my-password-here)
System error 5 has occurred.
 
Access is denied.

Open in new window

0
Comment
Question by:Chris Walsh
  • 6
  • 5
11 Comments
 
LVL 26

Expert Comment

by:lnkevin
ID: 23670413
Was the mentioned credential local administrator (of the destination machine)?

Try to enter the admin credential as the following format:
serverIP\administrator

K

0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23670440
Keep in my that your remote computer may or may not join to the domain. If you would like to use domain administrator credential, you have to join that remote PC to your domain. Once joined to the domain, you can login as domain\administrator

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23670450
Correction: Keep in mind...

K
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 2

Author Comment

by:Chris Walsh
ID: 23671061
Thanks for your response Inkevin.  

1) The credentials "MYDOMAIN\Administrator" (in my example) represents the DOMAIN administrator account (and not the local computer's administrator account).

2) On the remote computer, I log in as MYDOMAIN\Chris.  It is also a member of MYDOMAIN\Administrators group on the domain.    I log in as MYDOMAIN\Chris (domain username) both when I am "in the office" and "at the remote location with the VPN link".  I never use the local computer user accounts.  MYDOMAIN\Chris and associated pwd have the same effect as using MYDOMAIN\Administrator; again when on the LAN in the office, the "net use" command doesn't ask for a username/pwd at all but uses your "currently logged in sid"

2b) My computer (WINDMILL) is a member of the domain also (Active Directory Users and Computers).  It's DNS name is windmill.mydomain.local, DC Type = Workstation or Server.  It is WinXP Pro with SP3 and kept up to date.  It is a member of Domain Computers (mydomain.local/Users)

2c) I can log in to the computer using my MYDOMAIN\Chris without a problem.  Outlook synchronises etc.  I can ping the remote LAN computers.

Hope this can help you help me home in on the problem!
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23671353
Did you have DNS server entry in your VPN router?
In order to share resource via VPN, your DNS server IP need to be entered in VPN router.

Also, try to share the Projects folder and manually map it through windows before using net use.

K
0
 
LVL 2

Author Comment

by:Chris Walsh
ID: 23672108
Interesting.  I cannot get our server to resolve domain names for my remote computer.  As such, I have been using  hosts. file entries (we only have 3-4 computers and server is obviously static IP).

The exact same problem occurs however irrespective of whether I refer to the server in the NET USE command with IP address or DNS name (lookup in my hosts file).   In my example, I showed me using the IP address not the server domain name.

Are you saying that the DNS lookup facility HAS to be working in order for NET USE to work (and that hosts. file entries are not adequate)?

The Projects folder IS a File Share.  Works perfectly when I plug in on the LAN.  
What do you mean by "manually map [the Projects folder] through windows"? (do you mean using the user interface to do the mapping rather than NET USE cmd line?)

Add Network Place Wizard does exactly the same thing.  I enter "\\SERVERNAME\Projects" or "\\192.168.1.3\Projects", it asks for a username/password repeatedly and I have to cancel out.
0
 
LVL 2

Author Comment

by:Chris Walsh
ID: 23893082
I don't believe the me not having DNS services from the server to me remote machine is the cause of the problem.  All important domain names (on our VERY small network) are listed in my hosts file (on the remote machine) and are correct.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23897388
It may just be a permission set up in either the shared level or GPO/local policy that prevent the access from a remote computer. Please go through all Security Option under GPO and local policy to clear the condition. On the other hand, you can try to unshare and reshared the folder. I have seen things quirkly working after doing so. Also, just for testing, when it pops up a login prompt, instead of login with yourdomain\admin try to login with yourserverIP\local admin. I just want to clarify whether or not the issue is network related.

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 23897505
If it still doesn't work after you tried the following suggestion, the next step is getting screenshots of the following things:
- Shared folder Security tab. I would like to see all permission setup
- Permission on Share tab. I would like to check the everyone permission
- IP config /all of the remote PC

I have just overlooked something. This should be an easy fix.

K
0
 
LVL 2

Author Comment

by:Chris Walsh
ID: 24054947
Thanks inkevin,
I am away unti lTuesday.  I will look into your last two posts next week.  I think I have carefully checked File/Share Permissions but not checked GPO/Local Security Policies.  I will send my feedback next week.
Thanks.
0
 
LVL 2

Accepted Solution

by:
Chris Walsh earned 0 total points
ID: 25252875
This problem no longer occurred for 3-4 months now.
In much the same way that I can't work out what caused it, I cannot work out what made it go away either.  The problem did exist constantly for a number of months however.

I don't know whether I can close this question and mark it "unsolved" (an X-File!).
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month14 days, 9 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question