VPN issue \ Windows sharing

Posted on 2010-01-10
Medium Priority
Last Modified: 2012-05-08
We have an office in India and they currently can not access our servers.  I can from my office which is configured the same way...  There is a Site to Site VPN tunnel and they can ping the ip of the servers they need access to.  Once they go to the server via the run line and ip address ex: \\ they see the shares and printers but when they open on the of the shares they get the attached error.  I now have 60 people there that can not work any help would be great.
Question by:stuart100
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 26281520
Can you access it if you use the FQDN in the UNC path, i.e. \\computername.domain.tld\share?

Expert Comment

ID: 26281523

Take a look at that as well, I see you're using Windows 2000 servers.

Expert Comment

ID: 26286666
Tags on this issue indicate that you're using a Cisco vpn solution for the site-to-site tunnel(s) and Windows 2000 servers that they can't see.  Considering they can ping the server(s) in question, the vpn tunnel is ok.  You've probably got a DNS issue here.  

When they ping the servers, can they be pinged by fqdn, or just by IP?  What is your cisco solution, what are the endpoints?  For instance, if you're using ASA on each end, it could be that you just need to enter the "no sysopt proxyarp" command on the wan interfaces of the endpoints.  If you're using routers with IOS firewall, you just need to specifically enter the "permit udp host x.x.x.x host x.x.x.x eq 500" on the inbound access-lists of each endpoint because ISAKMP is breaking down after tunnel creation, i.e., as soon as the phase II starts transmitting.   As that point, inbound ACLs will kill traffic going through an already established tunnel as soon as it's decrypted; i.e., traffic can't find it's way back to hosts.  Also verify you've got proper DNS forwarding set up, assuming these clients are using local DNS servers.  Because this is a site-to-site tunnel, there's no process giving clients at site B any information about hosts at site A - no DNS servers are being handed out to remote hosts, they're using local DNS.  If local DNS servers don't know about hosts on the remote end, they can only resolve by IP because that's all that the Cisco equipment knows about, it has no idea what server names are, nor shares.  If you've got a VPN concentrator in there, myriad things could cause this.  --TX
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.


Accepted Solution

stuart100 earned 0 total points
ID: 26331174
We found out the issue was caused by an ISP called seabone that handles the fiber that runs through the Atlantic ocean.  They were having issues with a router that was dropping packets.  We have never seen anything like it and ended up having to have our ISP call them to track down the issue.


Expert Comment

ID: 26332499
That sounds very unlikely to be the source of this exact problem?

Author Comment

ID: 26340464
beester I apologize if you don't like my answer.  Tell you the truth I did not like it either and I really believe they or one of the many other ISPs that the data travels through had an issue that they are just not admitting to.  I assure you the problem is fixed and I did not make any configuration changes on either side.  We had Microsoft, and Cisco check it out and both ended up looking at the issue and telling me it was not their problem so we moved onto the ISPs.  Once we made a bunch of noise at both of them they started making calls and bam the problem went away.  First time in 15 years I want to quit... tough to have an issue that affects 8 hours of production that you still do not have a clear answer about.


Expert Comment

ID: 26341127
It's not that I don't like YOUR answer :)  I just don't exactly see how this would be the issue since other services worked in the VPN tunnell, whereas packet loss would cause the VPN tunnel to drop...

And that's why I don't think it sounds likely that packet loss is what caused this problem at all, but more like you say - that the ISP(s) have had other, underlying problems, which caused it...

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question