andoss

Accessing Windows 2008 Fileserver via VPN

I've recently started migrating our company's file server from Novell onto Server 2008, everything's working ok apart from mapping drives via VPN.

I've created a login script to run after the VPN connection is made and the script itself works fine when I'm connected to the network. When I'm connected via VPN to the network however I get the 'network path not found' error.
We have a very strong corporate firewall (which I have no control/management of) so I assumed additional ports needed to be opened on the firewall. After talking to the firewall guys and getting various ports opened with no result I requested they create an 'any rule' allowing any traffic from my VPN IP to the Windows File Server (for testing only).
However I'm still getting the 'network path not found' error and am unable to telnet to the server on various ports. Can't ping the server etc.
The Windows Server 2008 firewall itself is completely disabled.

When connected on the internal network I can:
Ping the server
Telnet on: 139, 445, 3389, 48778
Map drives fine via UNC path or Login Script I created.

Over VPN since the any rule was put in I can:
Resolve IP via ping but the actual request times out.
Telnet on 3389 & 48778 (Trend Micro port)
RDP into the File Server.

Can anyone think of anything I might be missing? Any more information you need?
A colleague of mine is a Linux nut and he explained that while the local firewall is open the service itself might only accept connections from a certain subnet etc., i.e. the file sharing service or whatever that listens on 445 may only accept connections from the same subnet as itself.
I've never heard about this in Windows, is this a possibility?

I've done a netstat -a and pasted it in the code section below after removing any established connections.

The corporate firewall is apparently showing no blocked ports in logs. Searching through the VPN logs we can see a lot of connections trying to be made on ports 80/8080/524 and RST ACK are sent back, but nothing on any file sharing ports.

wfs01 is the fileserver and has a 172.19.12.6 IP. When I come in over VPN I am given 192.168.103.176, but RDP is working so the NATing is ok?

 TCP    0.0.0.0:111            wfs01:0                LISTENING
 TCP    0.0.0.0:135            wfs01:0                LISTENING
 TCP    0.0.0.0:445            wfs01:0                LISTENING
 TCP    0.0.0.0:1039           wfs01:0                LISTENING
 TCP    0.0.0.0:1047           wfs01:0                LISTENING
 TCP    0.0.0.0:1048           wfs01:0                LISTENING
 TCP    0.0.0.0:1581           wfs01:0                LISTENING
 TCP    0.0.0.0:1688           wfs01:0                LISTENING
 TCP    0.0.0.0:2049           wfs01:0                LISTENING
 TCP    0.0.0.0:3389           wfs01:0                LISTENING
 TCP    0.0.0.0:5357           wfs01:0                LISTENING
 TCP    0.0.0.0:48778          wfs01:0                LISTENING
 TCP    0.0.0.0:49152          wfs01:0                LISTENING
 TCP    0.0.0.0:49153          wfs01:0                LISTENING
 TCP    0.0.0.0:49154          wfs01:0                LISTENING
 TCP    0.0.0.0:49155          wfs01:0                LISTENING
 TCP    0.0.0.0:49193          wfs01:0                LISTENING
 TCP    0.0.0.0:49208          wfs01:0                LISTENING
 TCP    0.0.0.0:51238          wfs01:0                LISTENING

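The by-hand telnet comparison in the question (inside the LAN versus over the VPN) can be scripted so each port is reported as open, refused (an RST came back, so the host was reached) or timeout (no reply at all, so the packet was dropped somewhere before the listener). This is an added PowerShell example, not part of the original thread; the target IP and ports are the ones quoted in the post, while the function name Test-TcpPort and the 3-second timeout are assumptions.

```powershell
# Added example: classify each TCP port as open, refused or timeout.
$Target  = '172.19.12.6'           # wfs01, as given in the post
$Ports   = 139, 445, 3389, 48778   # ports the asker tested with telnet
$Timeout = 3000                    # milliseconds (assumed value)

function Test-TcpPort {            # hypothetical helper name
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'timeout'       # SYN unanswered: dropped or unrouted on the path
        }
        try {
            $client.EndConnect($async)
            return 'open'          # three-way handshake completed
        }
        catch {
            # Unwrap to the underlying SocketException to see why it failed.
            $ex = $_.Exception
            while ($ex.InnerException) { $ex = $ex.InnerException }
            if ($ex -is [System.Net.Sockets.SocketException] -and
                $ex.SocketErrorCode -eq 'ConnectionRefused') {
                return 'refused'   # RST received: host reachable, port closed or rejected
            }
            return "error: $($ex.Message)"
        }
    }
    finally {
        $client.Close()
    }
}

# Run once from the internal network and once over the VPN, then compare.
foreach ($port in $Ports) {
    $state = Test-TcpPort -ComputerName $Target -Port $port -TimeoutMs $Timeout
    New-Object PSObject -Property @{ Target = $Target; Port = $port; State = $state }
}
```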

boat_anker

Hi, this may be a long shot but something similar was happening for me. First of all, does the script contain a UNC path e.g. \\servername\path to create the map drive? If so the problem can be at the router if Broadcast name resolution is not enabled?

My users couldn't get to file shares in Windows Explorer using the address \\servername\share until Broadcast name resolution was turned on at the VPN router. Not sure if all routers have this setting however.

We had a similar problem on our network and found that we had to manually specify a WINS address on the VPN connection for the name resolution to work.
You could also try mapping via IP instead of server name.


ASKER

Unfortunately I've tried connecting via IP also and same problem occurs. I'm quite sure DNS/Name Resolution is fine anyway as I can RDP to the server using its host name.

ASKER

I've been told one of our network guys did some testing from home last night, he switched off the firewall for himself via VPN and he could ping any server apart from my Windows Server 2008 fileserver. He set up a fileshare on another server and could access this fine also, so seems to be an issue with the server itself not our corporate firewall.

As I said the local firewall is completely switched off however there's still the security policy settings, is it possible these are blocking connection from unknown IPs (our VPN IP) while accepting connections from known ones (our internal IP)?

For some reason it seems to still be trying to connect on port 524 which is a Netware port.

Have you tried disabling the Anti-Virus software on the server as it may have its own firewall settings also?
try:

net use \\remote\sharefolder password /u:domain\username /persistent:yes

ASKER

Yes the Anti-Virus (Trend Micro) has been disabled on the server even though its built-in firewall isn't used.

vquzman: I know how to map a drive, there is a setting or network problem preventing me from doing so hence my questions. Obviously using that syntax over VPN gives the same result of 'Network path not found'. From internally it works fine.

On the 2008 server, in the "Network and Sharing Center", is "network discovery" turned on? Is "file sharing" on?
Down below in "show me all the shared network folders on this computer", what do you see when you click it?
Can you ping your computer (on the other side of the VPN) FROM the 2008 server?

ASKER

Network Discovery is on as is File Sharing.

When I click 'Show me all the files and folders I am sharing' I see nothing. However when I click 'Show me all the shared network folders on this computer' I see the 3 network shares I've set up as well as printers.

Can't ping the VPN client computer from the 2008 server and I believe this is due to the firewall setup and maybe routing, I think the network guys only set up rules allowing the connection from the VPN > server not from server > VPN. Is this likely to be an issue?

Is the subnet that the server's IP (172.19.12.6) is on the same subnet as all the other servers that you can connect to while you are on VPN?

What if you set up VPN to give you the IP address on the same subnet as the server? Also, is the subnet you are connecting from the same subnet you are connecting to as this won't work?

It sounds like a bad route. Yes I know you can connect via RDP but stranger things have happened. Do you have another network card to test in the server?

Just so you know. I have a standard install of Windows 2008 server and I have no problem connecting via VPN, so there is no special setting to worry about after a default install of Server 2008.

As for the Local Security Policy and the firewall, if there is anything in the local security policy, disable it also to ensure nothing is getting blocked.


ASKER

Yes, same subnet as other servers on the network. Our old file server was Novell (172.19.12.5) and accessing this via VPN worked without issues.

Can't change the VPN settings to give me an internal IP Address and I know the network guys won't do this for me unfortunately.
Internally we are 255.255.252.0, via VPN it's 255.255.255.0, however I've been assured all the routing and NATing is set up correctly.

Sorry I'm not extremely knowledgeable on the networking side of things, however how would I connect via RDP and be able to telnet on our Trend port and it still be a bad route? Can't try another network card in the server as it's a virtual machine.

I've just run up a clean Win 2008 Server and got another any rule put into place to connect to this machine. Exactly the same issue, can RDP to it but can't ping or connect on ports 137, 138, 139 or 445.

Nothing in Local Security Policy except defaults. As you said, I'm starting to believe it's unrelated to my Windows Server and more a problem on the network side of things. However I'm not having any luck convincing the network guys of this.

Can you confirm that you can connect to other servers that are virtual machines while you are on the VPN?

ASKER CERTIFIED SOLUTION
andoss