User with VPN Can't UNC to the server but can ping FQDN and IP and can UNC to IP Address

A user of ours is using WatchGuard's Mobile User VPN, latest version, on Windows XP SP3 to connect into our network. The network is a class B, the firewall that he connects to being and the SBS 2003 Server being

He is on a range class C at home.

The VPN connects successfully to the work network, and his Exchange mailbox with Outlook connects and updates mail. From his PC I can ping the firewall and the server via IP; I can also ping the server by its name "fsl-is01" and etc.

The problem is if I try to run a UNC path to the server from his desktop (say to view mapped drives) we get errors.

If I go to Start, Run and type \\fsl-is01 we get the error:


The network Path was not found

If I open an Explorer window and type \\fsl-is01 into the Explorer bar we get the error:

Windows cannot find '\\fsl-is01'. Check the spelling and try again, or try searching for the item by clicking the start button and then clicking Search.

Up until recently the user was using offline files, which have now been switched off because of the VPN access he should be getting.

I have tried to flush DNS; nslookup finds the server correctly.

For all intents and purposes I can't find anything wrong at all with the connection but it still won't work.

Does anyone have any suggestions?

HFVgally Commented:
I don't believe that either the current version of the firmware on the firewall or the version of your client is the issue really.
If you are confident that the client and computer configurations are the same (since you did them all), the only other thing I can think of that might be creating the problem is the ISP.
I've seen this kind of issue where the ISP does some kind of DNS redirect feature which tries to give you suggestions for "valid" domain names when you give them an address that does not return a valid DNS response. Try nslookup fsl-is01 and see what comes back. It should report that it is a non-existent domain. If not, if it appends the connection specific DNS suffix, and if it replies with IP addresses at all, then the ISP is using DNS redirect services. You can probably contact the ISP to tell them to turn it off.
Is it possible to test this laptop from another remote connection (preferably one that uses a different ISP)?
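
The nslookup check described in the answer above, as an added example that is not part of the original thread: it classifies Windows nslookup output by which resolver answered and whether a short name that should not exist publicly came back with addresses. The resolver IP `10.0.0.2`, the `*.example` names and the sample outputs are constructed placeholders, since the thread does not give the real values.

```python
import re

def classify_nslookup(output, queried, vpn_dns):
    """Classify Windows nslookup output for a short name.

    vpn_dns: resolver IPs the VPN profile should assign (assumed values).
    """
    text = output.replace("\r\n", "\n").strip()
    parts = re.split(r"\n\s*\n", text, maxsplit=1)
    header, answer = parts[0], parts[1] if len(parts) > 1 else ""
    m = re.search(r"^Address:\s+(\S+)", header, re.M)
    resolver = m.group(1) if m else None          # who actually answered
    m = re.search(r"^Name:\s+(\S+)", answer, re.M)
    name = m.group(1) if m else None
    m = re.search(r"^Address(?:es)?:\s+(\S+(?:[ \t]*\n[ \t]+\S+)*)", answer, re.M)
    addresses = m.group(1).split() if m else []

    if "Non-existent domain" in answer:
        verdict = "nxdomain"                      # honest negative answer
    elif not addresses:
        verdict = "no_answer"                     # timeout or unparsed output
    elif resolver in vpn_dns:
        verdict = "internal_answer"               # resolved by the office DNS
    else:
        verdict = "possible_isp_redirect"         # outside resolver invented an answer
    suffixed = bool(name) and name.lower().startswith(queried.lower() + ".")
    return {"resolver": resolver, "name": name, "addresses": addresses,
            "suffix_appended": suffixed, "verdict": verdict}

# Constructed samples (documentation addresses and example domains).
NXDOMAIN = """Server:  resolver.isp.example
Address:  192.0.2.53

*** resolver.isp.example can't find fsl-is01: Non-existent domain
"""
REDIRECTED = """Server:  resolver.isp.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    fsl-is01.home.example
Addresses:  198.51.100.7
          198.51.100.8
"""

if __name__ == "__main__":
    for sample in (NXDOMAIN, REDIRECTED):
        print(classify_nslookup(sample, "fsl-is01", {"10.0.0.2"}))
```

A `possible_isp_redirect` verdict while the tunnel is up also shows that the query went to the ISP resolver instead of the DNS server the VPN profile is meant to assign.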
datafocus (Author) Commented:
Just noticed something while looking into this.
When I tried to copy the login script to his desktop from netlogon, I got the message
"Do you want to move or copy files from this zone?"  yes / no
I've not seen this before.
So your network configuration for the server is:
Is that correct?
Are you really using on the server's internal domain name instead of the default .local or other non-TLD like .pvt or such? That can cause a lot of problems for remote connections right there.
Make sure that in the VPN setup on the WatchGuard you specify the internal DNS and WINS server to be assigned to the client as being the IP of your internal server. You may also need to specify the connection specific DNS suffix. Set the virtual adapter setting to Preferred as well (default is disabled). Also ensure that the subnet mask on the firewall is set correctly. With these settings applied, download a new .wgx file for the user and try to import it into the client (or if you are comfortable with the client software you can just re-create these settings by using the client security profile editor).
The zone issue in IE means that it is not recognizing the server as being part of the intranet or trusted security zones - likely because of using a public TLD for the internal domain. You can manually add the domain * into the intranet security zone, close all browser/explorer instances, and reopen to see if that solves that issue.
datafocus (Author) Commented:
Yes, the IP info is correct and yes they are using
I should have said that there are perhaps 4 or 5 other users successfully using VPN most days without any issues. I'll check the firewall settings as suggested, but I have a feeling it's a client issue.
Are the other clients on XP SP2? The "move or copy files from this zone" issue shows up after security enhancements added by SP3.
Also, are you using the new 10.1 or 10.2 client on these systems, or the old 7.x client? Is everyone using the same MUVPN client?
datafocus (Author) Commented:
Yes, 90% of them are on SP3 if not all of them. I did try a fix for the move or copy file issue I found online, adding them to the domain, but it didn't seem to stop the message, although I wasn't able to reboot at that time.
datafocus (Author) Commented:
He was using the 10.1 client but I uninstalled that and then installed 10.2 to try to fix the issue, but it was still the same. I would imagine that they are still mostly on 10.1 there.
7.x, how shite was that compared lol
If you confirm firewall settings, and can confirm at least one other system with SP3, 10.1 or 10.2 of MUVPN using either identical settings or fresh .wgx file for the user's profile works as intended, then I would confirm general TCP/IP settings between them and ensure that any WINS or DNS settings in particular on the problem machine match that of the known working system. Perhaps the working systems are using an LMHOSTS entry?
If there are no differences in the IP configuration, then you might try checking something (this is a longshot, but it's starting to feel like a NetBIOS issue if all the IP and vpn client settings match up):
The default should be set to 8. I have seen instances where some networks will set this to 2 (in the case of laptops that go traveling) and it screws up name resolution.
However, I'm more inclined to think there is some jiggery pokery going on with the other clients configurations to make them prefer to pass traffic across the VPN where they would by default be trying to pass it over the internet to a address. Perhaps their VPN client configuration (or the configuration in the firewall for the user) dictates all traffic to use the tunnel?
datafocus (Author) Commented:
Well, just to add a little more history to the situation:
All the clients were set up with default settings, as I set them all up with version 10, so I've not done anything different in any of the configurations, and there is no one else who would have changed the configs. I also set up the Firebox X20e. The only issue is the Firebox is on version 8. We're in the process of renewing the LiveSecurity to get it to version 10 but it takes a few days to get these things through.
Unless a computer crash or other has happened, it's unlikely that any settings will have been changed deliberately.
This user's laptop is brand new, so only recently set up, and as I say I have turned off offline files recently, which I thought was causing the issue. I'll run through the suggestions anyway and see what I come up with.
datafocus (Author) Commented:
It might be possible. I will look into that and see what results I get.