User with VPN Can't UNC to the server but can ping FQDN and IP and can UNC to IP Address

Posted on 2009-05-14
Last Modified: 2012-06-21
A user of ours is using WatchGuard's Mobile User VPN, latest version, on Windows XP SP3 to connect into our network. The network is a class B, the firewall that he connects to being 10.32.1.10 and the SBS 2003 server being 10.32.2.10.

He is on a 192.168.1.0 range class C at home.

The VPN connects successfully to the work network, and his Exchange mailbox with Outlook connects and updates mail. From his PC I can ping the firewall and the server via IP; I can also ping the server by its name "fsl-is01" and fsl-is01.domain.co.uk etc.

The problem is if I try to run a UNC path to the server from his desktop (say to view mapped drives) we get errors.

If I go to Start > Run and type \\fsl-is01 we get the error:

\\fsl-is01

The network Path was not found

If I open an Explorer window and type \\fsl-is01 into the Explorer bar we get the error:

Windows cannot find \\fsl-is01'. Check the spelling and try again, or try searching for the item by clicking the start button and then clicking Search.

Up until recently the user was using offline files, which have now been switched off because of the VPN access he should be getting.

I have tried to flush DNS; nslookup finds the server correctly.

For all intents and purposes I can't find anything wrong at all with the connection but it still won't work.

Does anyone have any suggestions?

Thanks
0
Question by:datafocus
12 Comments
 

Author Comment

by:datafocus
ID: 24384838
Just noticed something while looking into this.
When I tried to copy the login script to his desktop from netlogon, I got the message
"Do you want to move or copy files from this zone?"  yes / no
I've not seen this before.
0
 
LVL 2

Expert Comment

by:HFVgally
ID: 24393485
So your network configuration for the server is:
IP: 10.32.2.10
SM: 255.255.0.0
GW: 10.32.1.10
Is that correct?
Are you really using .co.uk on the server's internal domain name instead of the default .local or other non-TLD like .pvt or such? That can cause a lot of problems for remote connections right there.
Make sure that in the VPN setup on the WatchGuard you specify the internal DNS and WINS server to be assigned to the client as being the IP of your internal server. You may also need to specify the connection-specific DNS suffix. Set the virtual adapter setting to Preferred as well (default is disabled). Also ensure that the subnet mask on the firewall is set correctly. With these settings applied, download a new .wgx file for the user and try to import it into the client (or if you are comfortable with the client software you can just re-create these settings by using the client security profile editor).
The zone issue in IE means that it is not recognizing the server as being part of the intranet or trusted security zones - likely because of using a public TLD for the internal domain. You can manually add the domain *.domain.co.uk into the intranet security zone, close all browser/explorer instances, and reopen to see if that solves that issue.
0
 

Author Comment

by:datafocus
ID: 24393528
Yes, the IP info is correct and yes, they are using fedsig.co.uk.
I should have said that there are perhaps 4 or 5 other users successfully using VPN most days without any issues. I'll check the firewall settings as suggested, but I have a feeling it's a client issue.
 
cheers
0
 
LVL 2

Expert Comment

by:HFVgally
ID: 24393545
Are the other clients on XP SP2? The "move or copy files from this zone" issue shows up after security enhancements added by SP3.
0
 
LVL 2

Expert Comment

by:HFVgally
ID: 24393560
Also, are you using the new 10.1 or 10.2 client on these systems, or the old 7.x client? Is everyone using the same MUVPN client?
0
 

Author Comment

by:datafocus
ID: 24393562
Yes, 90% of them are on SP3 if not all of them. I did try a fix for the move or copy file issue I found online, adding them to the domain, but it didn't seem to stop the message, although I wasn't able to reboot at that time.
0
 

Author Comment

by:datafocus
ID: 24393570
He was using the 10.1 client but I uninstalled that and then installed 10.2 to try to fix the issue, but it was still the same. I would imagine that they are still mostly on 10.1 there.
7.x, how shite was that compared lol
0
 
LVL 2

Expert Comment

by:HFVgally
ID: 24393674
If you confirm firewall settings, and can confirm at least one other system with SP3, 10.1 or 10.2 of MUVPN using either identical settings or fresh .wgx file for the user's profile works as intended, then I would confirm general TCP/IP settings between them and ensure that any WINS or DNS settings in particular on the problem machine match that of the known working system. Perhaps the working systems are using an LMHOSTS entry?
If there are no differences in the IP configuration, then you might try checking something (this is a long shot, but it's starting to feel like a NetBIOS issue if all the IP and VPN client settings match up):
HKLM/System/CurrentControlSet/Services/NetBT/Parameters/DhcpNodeType
The default should be set to 8. I have seen instances where some networks will set this to 2 (in the case of laptops that go traveling) and it screws up name resolution.
However, I'm more inclined to think there is some jiggery pokery going on with the other clients' configurations to make them prefer to pass traffic across the VPN where they would by default be trying to pass it over the internet to a server.domain.co.uk address. Perhaps their VPN client configuration (or the configuration in the firewall for the user) dictates all traffic to use the tunnel?
0
 

Author Comment

by:datafocus
ID: 24393927
Well, just to add a little more history to the situation:
All the clients were set up with default settings as I set them all up with version 10, so I've not done anything different in any of the configurations, and there is no one else who would have changed the configs. I also set up the Firebox X20e; the only issue is the Firebox is on version 8. We're in the process of renewing the LiveSecurity to get it to version 10 but it takes a few days to get these things through.
Unless a computer crash or other has happened, it's unlikely that any settings will have been changed deliberately.
This user's laptop is brand new so only recently set up, and as I say I have turned off offline files recently, which I thought was causing the issue. I'll run through the suggestions anyway and see what I come up with.
0
 
LVL 2

Accepted Solution

by:
HFVgally earned 1500 total points
ID: 24403587
I don't believe that either the current version of the firmware on the firewall or the version of your client is the issue really.
If you are confident that the client and computer configurations are the same (since you did them all), the only other thing I can think of that might be creating the problem is the ISP.
I've seen this kind of issue where the ISP does some kind of DNS redirect feature which tries to give you suggestions for "valid" domain names when you give them an address that does not return a valid DNS response. Try nslookup fsl-is01 and see what comes back. It should report that it is a non-existent domain. If not, if it appends the connection-specific DNS suffix, and if it replies with IP addresses at all, then the ISP is using DNS redirect services. You can probably contact the ISP to tell them to turn it off.
Is it possible to test this laptop from another remote connection (preferably one that uses a different ISP)?
0
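
The DNS-redirect check described in the accepted solution, as an added example that is not part of the original thread: it looks up random names that should not exist and compares their answers with the answer for the server name. The two resolver stand-ins, the 203.0.113.80 address and the `com` probe suffix are constructed assumptions; the 10.32.0.0/16 network and `fsl-is01` come from the thread.

```python
import ipaddress
import secrets
import socket

# From the thread: internal network 10.32.0.0/16 (mask 255.255.0.0), server fsl-is01.
INTERNAL_NET = ipaddress.ip_network("10.32.0.0/16")


def system_resolve(name):
    """Resolve with the OS resolver; an empty set means the name did not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def wildcard_addresses(resolve, suffix="com", probes=3):
    """Look up random 24-hex-character labels (assumed unregistered).

    Any address that comes back belongs to a resolver that rewrites
    'non-existent domain' answers instead of passing them on.
    """
    hits = set()
    for _ in range(probes):
        hits |= resolve(f"{secrets.token_hex(12)}.{suffix}")
    return hits


def diagnose(name, resolve=system_resolve, suffix="com"):
    """Return 'unresolved', 'redirected', 'internal' or 'external' for `name`."""
    redirect_ips = wildcard_addresses(resolve, suffix)
    answers = resolve(name)
    if not answers:
        return "unresolved"      # honest NXDOMAIN: Windows can fall back to WINS/NetBIOS
    if answers & redirect_ips:
        return "redirected"      # same address as the made-up names: ISP redirect page
    if all(ipaddress.ip_address(a) in INTERNAL_NET for a in answers):
        return "internal"        # answer came from the office DNS over the tunnel
    return "external"


# Constructed resolvers standing in for two home ISPs (203.0.113.0/24 is a documentation range).
def honest_isp(name):
    return {"10.32.2.10"} if name.startswith("fsl-is01.") else set()


def redirecting_isp(name):
    return {"10.32.2.10"} if name.startswith("fsl-is01.") else {"203.0.113.80"}


if __name__ == "__main__":
    print(diagnose("fsl-is01"))  # live check against the resolver this machine uses
```

A result of `redirected` for the short name while the FQDN is `internal` matches the symptom in this thread: ping and nslookup of the full name work, but the single-label UNC path lands on the ISP's address.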
 

Author Comment

by:datafocus
ID: 24411710
It might be possible; I will look into that and see what results I get.
Thanks
0
 

Author Closing Comment

by:datafocus
ID: 31581437
ISP
0
