Solved

Accessing Windows 2008 Fileserver via VPN

Posted on 2009-06-30
Last Modified: 2012-08-14
I've recently started migrating our company's file server from Novell onto Server 2008, everything's working ok apart from mapping drives via VPN.

I've created a login script to run after the VPN connection is made and the script itself works fine when I'm connected to the network. When I'm connected via VPN to the network however I get the 'network path not found' error.
We have a very strong corporate firewall (which I have no control/management of) so I assumed additional ports needed to be opened on the firewall. After talking to the firewall guys and getting various ports opened with no result I requested they create an 'any rule' allowing any traffic from my VPN IP to the Windows File Server (for testing only).
However I'm still getting the 'network path not found' error and am unable to telnet to the server on various ports. Can't ping the server etc.
The Windows Server 2008 firewall itself is completely disabled.

When connected on the internal network I can:
Ping the server
Telnet on: 139, 445, 3389, 48778
Map drives fine via UNC path or Login Script I created.

Over VPN since the any rule was put in I can:
Resolve IP via ping but the actual request times out.
Telnet on 3389 & 48778 (Trend Micro port)
RDP into the File Server.

Can anyone think of anything I might be missing? Any more information you need?
A colleague of mine is a Linux nut and he explained that while the local firewall is open the service itself might only accept connections from a certain subnet etc., i.e. the file sharing service or whatever that listens on 445 may only accept connections from the same subnet as itself.
I've never heard about this in Windows, is this a possibility?

I've done a netstat -a and pasted it in the code section below after removing any established connections.

The corporate firewall is apparently showing no blocked ports in logs. Searching through the VPN logs we can see a lot of connections trying to be made on ports 80/8080/524, and RST ACK are sent back, but nothing on any file sharing ports.

wfs01 is the fileserver and has a 172.19.12.6 IP. When I come in over VPN I am given 192.168.103.176, but RDP is working so the NATing is ok?

 TCP    0.0.0.0:111            wfs01:0                LISTENING
 TCP    0.0.0.0:135            wfs01:0                LISTENING
 TCP    0.0.0.0:445            wfs01:0                LISTENING
 TCP    0.0.0.0:1039           wfs01:0                LISTENING
 TCP    0.0.0.0:1047           wfs01:0                LISTENING
 TCP    0.0.0.0:1048           wfs01:0                LISTENING
 TCP    0.0.0.0:1581           wfs01:0                LISTENING
 TCP    0.0.0.0:1688           wfs01:0                LISTENING
 TCP    0.0.0.0:2049           wfs01:0                LISTENING
 TCP    0.0.0.0:3389           wfs01:0                LISTENING
 TCP    0.0.0.0:5357           wfs01:0                LISTENING
 TCP    0.0.0.0:48778          wfs01:0                LISTENING
 TCP    0.0.0.0:49152          wfs01:0                LISTENING
 TCP    0.0.0.0:49153          wfs01:0                LISTENING
 TCP    0.0.0.0:49154          wfs01:0                LISTENING
 TCP    0.0.0.0:49155          wfs01:0                LISTENING
 TCP    0.0.0.0:49193          wfs01:0                LISTENING
 TCP    0.0.0.0:49208          wfs01:0                LISTENING
 TCP    0.0.0.0:51238          wfs01:0                LISTENING

Question by:andoss
13 Comments
 
LVL 3

Expert Comment

by:boat_anker
ID: 24752104
Hi, this may be a long shot but something similar was happening for me. First of all does the script contain a UNC path e.g. \\servername\path to create the map drive? If so the problem can be at the router if Broadcast name resolution is not enabled?

My users couldn't get to file shares in Windows Explorer using the address \\servername\share until Broadcast name resolution was turned on at the VPN router. Not sure if all routers have this setting however.

0
 

Expert Comment

by:HeadAche1
ID: 24752900
We had a similar problem on our network and found that we had to manually specify a WINS address on the VPN connection for the name resolution to work.
You could also try mapping via ip instead of server name.

0
 
LVL 8

Author Comment

by:andoss
ID: 24759018
Unfortunately I've tried connecting via IP also and the same problem occurs. I'm quite sure DNS/Name Resolution is fine anyway as I can RDP to the server using its host name.
0

 
LVL 8

Author Comment

by:andoss
ID: 24759454
I've been told one of our network guys did some testing from home last night, he switched off the firewall for himself via VPN and he could ping any server apart from my Windows Server 2008 fileserver. He set up a fileshare on another server and could access this fine also, so seems to be an issue with the server itself not our corporate firewall.

As I said the local firewall is completely switched off however there's still the security policy settings, is it possible these are blocking connection from unknown IPs (our VPN IP) while accepting connections from known ones (our internal IP)?

For some reason it seems to still be trying to connect on port 524 which is a Netware port.
0
 
LVL 3

Expert Comment

by:boat_anker
ID: 24759783
Have you tried disabling the Anti-Virus software on the server, as it may have its own firewall settings also?
0
 
LVL 5

Expert Comment

by:vguzman
ID: 24760243
try:

net use \\remote\sharefolder password /u:domain\username /persistent:yes
0
 
LVL 8

Author Comment

by:andoss
ID: 24760509
Yes the Anti-Virus (Trend Micro) has been disabled on the server even though its built-in firewall isn't used.

vguzman: I know how to map a drive, there is a setting or network problem preventing me from doing so hence my questions. Obviously using that syntax over VPN gives the same result of 'Network path not found'. From internally it works fine.
0
 
LVL 5

Expert Comment

by:vguzman
ID: 24764269
On the 2008 server, in the "Network and sharing center" is the "network discovery" turned on? Is the "file sharing" on?
Down below in "show me all the shared network folders on this computer", what do you see when you click it?
Can you ping your computer (on the other side of the VPN) FROM the 2008 server?
0
 
LVL 8

Author Comment

by:andoss
ID: 24768605
Network Discovery is on as is File Sharing.

When I click 'Show me all the files and folders I am sharing' I see nothing. However when I click 'Show me all the shared network folders on this computer' I see the 3 network shares I've set up as well as printers.

Can't ping the VPN client computer from the 2008 server and I believe this is due to the firewall setup and maybe routing, I think the network guys only set up rules allowing the connection from the VPN > server not from server > VPN. Is this likely to be an issue?
0
 
LVL 3

Expert Comment

by:boat_anker
ID: 24769048
Is the subnet that the server's IP (172.19.12.6) is on the same subnet as all the other servers that you can connect to while you are on VPN?

What if you set up VPN to give you the IP address on the same subnet as the server? Also, is the subnet you are connecting from the same subnet you are connecting to, as this won't work?

It sounds like a bad route. Yes I know you can connect via RDP but stranger things have happened. Do you have another network card to test in the server?

Just so you know. I have a standard install of Windows 2008 server and I have no problem connecting via VPN, so there is no special setting to worry about after a default install of Server 2008.

As for the Local Security Policy and the firewall, if there is anything in the local security policy, disable it also to ensure nothing is getting blocked.

0
 
LVL 8

Author Comment

by:andoss
ID: 24769138
Yes, same subnet as other servers on the network. Our old file server was Novell (172.19.12.5) and accessing this via VPN worked without issues.

Can't change the VPN settings to give me an internal IP Address and I know the network guys won't do this for me unfortunately.
Internally we are 255.255.252.0, via VPN it's 255.255.255.0, however I've been assured all the routing and NATing is set up correctly.

Sorry I'm not extremely knowledgeable on the networking side of things, however how would I connect via RDP and be able to telnet on our Trend port and it still be a bad route? Can't try another network card in the server as it's a virtual machine.

I've just run-up a clean Win 2008 Server and got another any rule put into place to connect to this machine. Exactly the same issue, can RDP to it but can't ping or connect on ports 137, 138, 139 or 445.

Nothing in Local Security Policy except defaults. As you said, I'm starting to believe it's unrelated to my Windows Server and more a problem on the network side of things. However I'm not having any luck convincing the network guys of this.
0
 
LVL 3

Expert Comment

by:boat_anker
ID: 24769173
Can you confirm that you can connect to other servers that are virtual machines while you are on the VPN?
0
 
LVL 8

Accepted Solution

by:
andoss earned 0 total points
ID: 24769306
Hmm well one of the network guys did some testing and he could get to a network share on a Windows 2003 server he set up, he's not in today however I just got rules opened to another Windows 2003 server and exactly the same problems as with 2008... Can RDP but can't get to network shares and can't ping. Majority of our machines are virtual servers, the clean Server 2008 box I set up for testing is physical however so fairly sure that's not the issue.

Not sure exactly what the network guy did when he was successful but I believe he turned off one of the VPN firewalls completely so going to assume that's where it's being blocked.

Probably best not wasting your time with this question anymore until I can confirm this or not which I won't be able to do till Monday, thanks very much for your suggestions, it has helped the problem solving process. Whole thing has been a political nightmare.
0
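
The telnet checks used throughout this thread only show whether a connection succeeded. As an added example (not part of the original thread or any poster's script), the Python sketch below separates a refused connection from a silent timeout and compares a LAN run with a VPN run; the function names and the sample states are assumptions made for illustration.

```python
import socket
import sys

# Ports the poster tested with telnet (48778 is the Trend Micro port in the thread).
PORTS = (139, 445, 3389, 48778)

def probe(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back: the path works, nothing accepted
    except socket.timeout:
        return "filtered"          # silence: something on the path dropped the SYN
    except OSError:
        return "unreachable"       # no route, name lookup failure, etc.

def scan(host, ports=PORTS, timeout=3.0):
    return {p: probe(host, p, timeout) for p in ports}

def differences(internal, vpn):
    """Ports whose state changes between the LAN run and the VPN run."""
    return {p: (internal[p], vpn.get(p)) for p in internal if internal[p] != vpn.get(p)}

def hint(internal, vpn):
    """Rough pointer to where traffic stops, based on the changed ports."""
    changed = differences(internal, vpn)
    if not changed:
        return "no difference between LAN and VPN"
    if any(state == "open" for state in vpn.values()):
        # Some ports still connect, so routing/NAT to the host works;
        # the loss is per-port, which is what a filter on the path does.
        return "per-port filtering on the path: " + ", ".join(map(str, sorted(changed)))
    return "host not reachable at all over VPN: check routing/NAT first"

# Constructed sample: the thread only says telnet failed on the file-sharing
# ports over VPN; "filtered" (timeout) is assumed here for illustration.
SAMPLE_LAN = {139: "open", 445: "open", 3389: "open", 48778: "open"}
SAMPLE_VPN = {139: "filtered", 445: "filtered", 3389: "open", 48778: "open"}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for port, state in scan(sys.argv[1]).items():
            print(port, state)
    else:
        print(hint(SAMPLE_LAN, SAMPLE_VPN))
```

A firewall can also answer with a RST on the server's behalf, as the VPN logs quoted in the question show for ports 80/8080/524, so "refused" alone does not prove the packet reached the host.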


Question has a verified solution.
