Unable to map a drive XP on VPN

I run remote backup to an XP machine at home, connected to the office via a Sonicwall hardware VPN.  I just upgraded the home machine, but am unable to map the shared drive on the server in the office, through the VPN.  Here are some details:
1. Home machine IP is 192.168.0.201, part of the office domain.
2. Office SBS2003 server is 172.25.25.100
3. Can ping either direction, both with IP and machine names.  Can also RDP either way.
4. The home machine can map drives that are on the server.
5. The server, or any other machines in office, are unable to map any drives on the home machine.
6.  The home machine sharing is set up as follows:
Share name: Backup-Drive
Allow this number of users: 5
Permissions: administrator and backup operator for domains have full control
Security tab; administrator and backup operator have full control.

7. I noticed on the windows firewall log of the remote machine that UDP from ports 4480, 4481 from the server were being blocked.  So I disabled the windows firewall and these log entries ended.

8.  When trying to map the drive, the error is "network path not found".  The event log on both machines shows nothing.

At this point, I am not sure what to try next.
sgarson1Asked:
 
Rob WilliamsCommented:
A couple of thoughts:
-Is the Windows or similar firewall enabled on the machine to which you are trying to connect? If so, by default if file and print sharing are enabled, it will create an exception, but only for the local subnet. Any other subnet will be blocked for that service. You need to add the remote subnet for TCP 139 & 445, UDP 137 & 138, or choose, "allow all computers even those on the Internet" under edit scope options of the firewall.
-not being able to browse over a VPN is common. If there is no WINS server at one end, browsing relies on NetBIOS broadcasts. These are not routable, and therefore not forwarded over a VPN.
-though name resolution works, use the IP for mapping as name resolution over a VPN can be inconsistent
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
-how are you mapping the drive? I assume the home computer is not a member of the same domain. If so you need to provide credentials, so I would recommend doing so from a command line:
 net use x: \\192.168.0.201\Backup-Drive  password  /USER:domainORcomputer\username
(USER is not a variable and domainORcomputer is the name of the home computer, assuming not a member of the domain)
0
 
rbeckerditeCommented:
What client software are you using for the Sonicwall?  Is the dns for the vpn client configured correctly?
0
 
sgarson1Author Commented:
Using the hardware firewall, not the Global VPN client.  The VPN works fine and the mapping was not a problem until I upgraded from the old Windows 2000 box that was replaced by this one.
0
 
anvansterCommented:
Check out Sharing permissions on your shared directory. Set it to everyone full permissions. In Sharing tab, not security tab.
0
 
rbeckerditeCommented:
Hardware VPN? Do you mean the Sonicwall SSL NetExtender software or are there two sonicwall devices managing the ? Can you give the model of the vpn device?   The dns configuration between the two computers may be different.  Do you still have access to the old 2000 box to check its configuration?
0
 
sgarson1Author Commented:
No difference, but some additional info.  When I select to browse for folder when mapping, it shows my domain name, but not the machine that I cannot map to.
0
 
vandCommented:
From the server are you able to browse to \\192.168.0.201\rpc$
0
 
vandCommented:
Sorry IPC$
0
 
anvansterCommented:
Do you have "File and printers sharing" enabled in your Network connections --> LAN?
0
 
vandCommented:
Some other things to look at:

Is "Client for Microsoft Networks" checked on the connection?

Is the Computer Browser service started and set to auto?

Try to force enable NetBios over TCP/IP.

If none of these work run netsh winsock reset from a command prompt.
0
 
rbeckerditeCommented:
Assuming there is no difference between the 2000 and XP boxes DNS configuration.

  Are pings reliable between the two boxes?  I note you are using IP addresses that says to me that your dns may not be working?   I find the only time I get a "network path was not found" error with net use is because the IP address is unreachable.  That is either routing, client firewall or rules on your vpn device.


Do you get prompted  
0
 
sgarson1Author Commented:
The only reason I list the IPs is because I know them.  The names resolve through DNS.  I wrote down the network config settings from the old machine before I shut it down.

Pings are reliable at 30ms with no packet loss.
0
 
rbeckerditeCommented:
try using the fqdn in the statement when you try and map the server
0
 
sgarson1Author Commented:
do you mean: domain.local\machine-name ?

That gave the same not found result.
0
 
rbeckerditeCommented:
domain.local\username
0
 
rbeckerditeCommented:
Your ping error says there is something causing a network communication issue as best as I can tell.  Can you review the access rules in your vpn device? Could the old pc have been given a special rule? Maybe you could make sure your new pc is the same IP as your old one.
0
 
sgarson1Author Commented:
The new PC is the same IP as the old one.  That's what puzzles me.
0
 
rbeckerditeCommented:
Are you using an antivirus solution on the xp box?
0
 
anvansterCommented:
Check correct time setting on your PC and Domain controller. Big difference can cause network sharing problems
0
 
sgarson1Author Commented:
Shut off my anti-virus.  Checked that the time on home and server are the same.

I just ran an ethereal trace from the home machine in the hope that this information might help understand the problem.  The trace is attached as a text file since the site restricts uploads.
BCC-Wiretrace.txt
0
 
rbeckerditeCommented:
192.168.0.1           192.168.0.201     are these the vpn interface and destination ip? If so it appears that this error is getting generated by the vpn/firewall "Broadcast packet dropped".  I wonder if this is the product.  I would check the VPN device for errors.   There is something different on the firewall from what I can see but it would take me some time to get familiar enough to get deep in the wiretrace.
0
 
sgarson1Author Commented:
192.168.0.1 is the VPN interface and 192.168.0.201 is the machine in question.

I looked at the firewall logs and nothing is being blocked.

212      03/31/2009 15:41:56.400      VPN TCP SYN      172.25.25.110, 3389      192.168.0.201, 2008              
213      03/31/2009 15:44:07.656      VPN TCP SYN      172.25.25.110, 445      192.168.0.201, 2015              
214      03/31/2009 15:45:30.560      VPN TCP SYN      172.25.25.110, 445      192.168.0.201, 2020              
215      03/31/2009 15:49:16.208      VPN TCP SYN      172.25.25.150, 3389      192.168.0.201, 2102              
216      03/31/2009 15:52:05.896      VPN TCP SYN      172.25.25.110, 135      192.168.0.201, 2188              
217      03/31/2009 15:53:09.832      VPN TCP SYN      172.25.25.150, 3389      192.168.0.201, 2260              
218      03/31/2009 15:55:12.384      VPN TCP SYN      172.25.25.110, 135      192.168.0.201, 2264              
219      03/31/2009 16:02:33.224      VPN TCP PSH      172.25.25.150, 3389      192.168.0.201, 2260              
220      03/31/2009 16:07:47.944      VPN TCP SYN      172.25.25.110, 445      192.168.0.201, 2280
0
 
sgarson1Author Commented:
Just confirmed that I can map from another machine in the 192.168.0.0 subnet.
0
 
vandCommented:
Some other things to look at:

Is "Client for Microsoft Networks" checked on the connection?

Is the Computer Browser service started and set to auto?

Try to force enable NetBios over TCP/IP.

If none of these work run netsh winsock reset from a command prompt.
0
 
vandCommented:
Also, verify Anvanster's question:
Do you have "File and printers sharing" enabled in your Network connections --> LAN?

Seeing how the Domain is registering but the PC is not and you are able to map the other direction, it seems to be PC/configuration  based.

0
 
sgarson1Author Commented:
vand:

Thanks for your suggestions.  File and print sharing is activated and I am able to map to the drive if I am on the same subnet, i.e. on my home network.

Perhaps I should try simply removing TCP/IP from the network settings, rebooting, and then adding it back.
0
 
anvansterCommented:
Try adding your network server to "hosts" file.
0
 
sgarson1Author Commented:
I added the network server to the remote hosts file.

In checking the server, the remote machine is registered in the WINS database.  In looking in the active directory, the remote machine is NOT listed in the domain.local under the Computers folder.  But it IS listed under the domain.local\MyBusiness\Computers\SBSComputers.

I would expect that it should be in both places.
0
 
sgarson1Author Commented:
A new revelation:  from the remote machine, I can browse the HQ network and see all the computers, including the remote machine.

Browsing from the server, I do not see the remote machine on the network.
0
 
sgarson1Author Commented:
Rob:  I think you are onto the solution.  I am looking at the windows firewall advanced settings.  How would I add a remote subnet, rather than open those ports to the internet?

I am mapping with the IP: //192.168.0.201/BACKUP-MACHINE  where BACKUP-MACHINE is the share name.  The machine is on the domain and the machine from which we are mapping has credentials on this one.

I'll try this tonight.  I didn't have the problem with the previous Windows2000 machine because it didn't have the windows firewall.
0
 
Rob WilliamsCommented:
Where the computer is behind a firewall you are not really opening it to the Internet so there is little risk. You might want to do this even just as a test, or even switch off the firewall for testing. However, if you want to manually add the exceptions you need to do so for each of the 4 ports; TCP 139 & 445, UDP 137 & 138. There is an example for port 3389 on my web site:
http://www.lan-2-wan.com/RD-FW.htm

I assume  //192.168.0.201/BACKUP-MACHINE   is a typo? It should be: \\192.168.0.201\BACKUP-MACHINE  
If the home machine is a member of the domain you shouldn't have a credential problem.

0
 
sgarson1Author Commented:
When I went to add each port exception, Windows said that the port already is an exception.  Is there a way to see how the XP firewall is actually configured?
0
 
sgarson1Author Commented:
I shut down the firewall service on the XP machine and can now map to the machine.  So you are the man!  For whatever reasons, the exceptions didn't do the trick.

THANK YOU SO MUCH!!!
0
 
sgarson1Author Commented:
The key solution is that you need to open the firewall ports.  I couldn't manage that, but simply shut off the firewall service.  Mission accomplished.
0
 
Rob WilliamsCommented:
Sorry I was off-line for a while. If you want to leave the firewall enabled, you don't add a port exception. As the message stated there is a port exception already, however it is likely defined as for "local subnet only". To change go to control panel | windows firewall | exceptions | highlight "file and print sharing" and click edit | for each port highlight and choose change scope | then enter the changes; either "any computer (including those on the Internet)" or 192.168.0.0/255.255.255.0,172.25.25.0/255.255.255.0 [note no spaces]
0
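An added example, not part of the thread: a small Python model of the exception scope check described in the answer above. It shows why the office hosts seen in the SonicWall log were refused under a local-subnet-only exception while a PC on the home LAN could connect, and what the custom scope changes. The scope names "LocalSubnet" and "any", the two addresses marked as constructed, and the rejection of entries containing spaces (following the "no spaces" note) are assumptions of this model, not Windows Firewall code.

```python
import ipaddress

# The XP machine's interface, from the thread (192.168.0.201 on a /24 home LAN).
LOCAL_IF = ipaddress.ip_interface("192.168.0.201/255.255.255.0")
# Ports covered by the file and print sharing exception, as listed in the thread.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Connection attempts: the first two come from the SonicWall log quoted in the
# thread; the last two are constructed for comparison.
ATTEMPTS = [
    ("172.25.25.110", "tcp", 445),   # office host over the VPN
    ("172.25.25.110", "tcp", 135),   # RPC endpoint mapper, not a file-sharing port
    ("192.168.0.50", "tcp", 445),    # constructed: another PC on the home LAN
    ("203.0.113.7", "tcp", 445),     # constructed: unrelated outside address
]

def parse_scope(scope):
    """Return the networks a scope admits, or None for 'any computer'."""
    if scope == "any":                       # model name for the widest option
        return None
    nets = []
    for entry in scope.split(","):
        if not entry or entry != entry.strip():
            raise ValueError("empty entry or stray space in scope: %r" % scope)
        if entry.lower() == "localsubnet":
            nets.append(LOCAL_IF.network)
        else:
            nets.append(ipaddress.ip_network(entry))   # accepts addr/netmask form
    return nets

def permitted(src, proto, port, scope):
    """True if the file-and-print exception with this scope admits the packet."""
    if (proto, port) not in SMB_PORTS:
        return False                         # this exception does not cover the port
    nets = parse_scope(scope)
    return nets is None or any(ipaddress.ip_address(src) in n for n in nets)

def evaluate(scope):
    """Check every sample attempt against one scope setting."""
    return [permitted(src, proto, port, scope) for src, proto, port in ATTEMPTS]

CUSTOM = "192.168.0.0/255.255.255.0,172.25.25.0/255.255.255.0"

if __name__ == "__main__":
    for name in ("LocalSubnet", CUSTOM, "any"):
        print(name, evaluate(name))
```

Only the custom scope admits both the home LAN and the office subnet while still refusing the outside address, which is the difference between it and the "any computer" option or a disabled firewall.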
Question has a verified solution.
