Set up remote user on VPN successfully, but need a login script.

Brian702
My current set up is as follows:

I use the Syswan VPN Client to connect to the corporate office. I have that successfully working and I can ping everything on my internal local network through the VPN.

My problem is I can't reconnect to any mapped drives. It's almost like when I log in to the domain it doesn't authenticate. After digging through Google I believe the issue is I need some sort of login script. My Syswan VPN client has the ability to run scripts, but I don't know how to script and am having a difficult time finding a template where I can change the data to my own. I have this client moving out of the country and would really like to get this squared away ASAP, so any help would be greatly appreciated.

CLIENT: Windows XP PRO SP3
DOMAIN CONTROLLER: Server 2008 R2

Both machines are fully updated.
Top Expert 2013
Commented:
You may be having name resolution issues, I would try mapping the drive using the IP address. For example a script might look like the following:

net  use  /persistent:no
net  use  *  /delete
net  use  x:  \\192.168.123.123\ShareName1
net  use  y:  \\192.168.123.123\ShareName2
net  use  z:  \\192.168.123.123\ShareName3

Save the file as script.bat, then just click on it, after connecting the VPN, to run. You may be able to have this run automatically with your VPN client but I am not familiar with the Syswan VPN Client.

Commented:
Use:

net use x: \\192.168.123.12\sharename1 /persistent:yes

The user does not have to run the script every time he wants to make a connection by VPN.

But for the naming issue: where is the VPN client getting its IP settings from? When you have the right DNS server assigned you will not have naming issues.
Top Expert 2013

Commented:
Should have explained why those lines in the script.

net  use  /persistent:no
[If the user connects in various places they may have different drive mappings. Persistent:no sets them so they do not automatically try to reconnect every time you log on to the computer]
net  use  *  /delete
[deletes any existing drive mappings so that they are created fresh with new mappings below, also assuring no conflicts]
net  use  x:  \\192.168.123.123\ShareName1
net  use  y:  \\192.168.123.123\ShareName2
net  use  z:  \\192.168.123.123\ShareName3
[Maps drives x, y, z, to the appropriate shares]

Author

Commented:
net  use  /persistent:no works successfully
net  use  *  /delete works as well
The share returns this error:
System error 1326 has occured.
Logon failure: unknown user name or bad password.

Other errors are: The password is invalid for \\192.168.1.3\sharename
How can I add a string so it logs on with a certain user name?


Author

Commented:
SjoerdH: Well, I set the IP on my Syswan VPN client to one not being used, "192.168.4.100", as there is nothing else on the internal network using 192.168.4.x

Also the client allows me to set a different DNS server when connecting, should I use the internal DNS server of my network? The reason I didn't do that is because the end user still needs internet access while connecting VPN.

Commented:
Using the DNS (and WINS) from your network makes it much easier. When working on the local network they have internet access? Then using the DNS on your network by VPN gives them Internet also.

When using VPN you make the remote client pc part of the local network. Use as much from the local network (DHCP) as possible. Makes life much easier.

On the script you can add username and password behind the net use command you already have: "/user:username@networkname.localname password"
Top Expert 2013

Commented:
Keep in mind 192.168.123.123  is the IP of the server on which the share resides, not the VPN client IP.
net  use  z:  \\192.168.123.123\ShareName3  password  /USER:DomainName\UserName
Substitute for password, DomainName and UserName. USER is not a variable.

Author

Commented:
OK, adding the DNS server worked and I was able to access all shares, but now it's hit and miss if the local internet connection will browse the internet. Doing an ipconfig /all shows my DNS server to be what I entered in the Syswan VPN client, "192.168.1.2", which is causing problems browsing the internet now. Any ideas? We're so close!

Author

Commented:
When using the script to remap shared drives I use this logon script right?

net  use  x:  \\192.168.123.123\ShareName1 "password" "/USER:domainname/user1"

Am I missing something?

Commented:
Do IPconfig /all
What is your gateway?

Do a nslookup for www.yahoo.com
Is it resolved to an IP address? Or can it not be resolved?

Also do a tracert to some IP on the internet; use for instance 85.17.3.2 (one of ours, which will work).

Commented:
net  use  x:  \\192.168.123.123\ShareName1 "password" "/USER:domainname/user1"

Do not use quotes, and place the password behind the user statement.

Commented:
domainname/user1

The slash is wrong; it must be \

Personally I like user1@domainname better.

Author

Commented:
Ok here is the situation I have narrowed it down to.

1. I fire up the computer, start the VPN client but don't open the tunnel. ipconfig /all shows correct dns and nslookup works fine.

2. I have to then open Internet explorer, and browse to a few web pages before I can open the tunnel. If I just open the tunnel before doing this, I will be unable to browse the internet after connecting to the VPN tunnel.

3. I have the correct script information but for whatever reason one of my network drives won't connect. This isn't an issue as I decided to map everything in "My Network Places" and everything works fine from there.

Is USER:domain\user the same as user1@domainname or do I have to change something in ADUC? Also do I have to use the full domain name "domain.local" or just domain?

Author

Commented:
Also, after connecting to the VPN, nslookup still works but the DNS server changes to my Server 2008 DNS inside my network. If that is the case, will that slow down internet browsing while surfing the net due to it having to go through the internet and back to return DNS queries?
Top Expert 2013

Commented:
A VPN usually does not allow "split-tunneling". Split-tunneling allows you to connect to both the VPN host/server and the internet via your local connection. Split-tunneling in some cases is controlled by the VPN server and in some cases by the client (I am not familiar with your client) but there are security risks with having it enabled. With split-tunneling enabled you have access to both server and local internet simultaneously, but that also means a malicious user at the remote site may be able to do the reverse and attack the corporate site through the VPN.

It sounds like you have split-tunneling enabled, which allows your client to resolve names via the corporate network but access the internet locally. There is a very minor performance loss in doing so, but it is necessary to use only the corporate DNS server or you will have name resolution issues when connecting to corporate resources.

/USER:domain.local\user is the same as /USER:user@domain.local. Best to use the .local suffix.

Author

Commented:
You were correct about the naming issues. Adding the internal server DNS address on my VPN client fixed all of the issues.
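
An added example, not part of the original thread: a version of the mapping script discussed above that waits for the file server to answer through the tunnel and passes `*` in the password position, so `net use` prompts for the password instead of reading it from the .bat file. The server IP, share names and user1@domain.local are the thread's sample values and must be replaced with your own.

```batch
@echo off
rem Added example: map drives once the VPN tunnel is open.
rem SERVER, DOMAINUSER and the share names are placeholders (the thread's
rem sample values); substitute your own.
setlocal
set SERVER=192.168.123.123
set DOMAINUSER=user1@domain.local

rem Try up to 15 times to reach the file server through the tunnel.
set TRIES=0
:wait
ping -n 1 -w 2000 %SERVER% | find "TTL=" >nul
if not errorlevel 1 goto up
set /a TRIES+=1
if %TRIES% GEQ 15 goto down
goto wait

:down
echo File server %SERVER% is not reachable. Is the VPN tunnel open?
exit /b 1

:up
rem Do not restore mappings at logon, when the tunnel is not yet open.
net use /persistent:no
rem Remove stale mappings without a confirmation prompt.
net use * /delete /y

rem "*" in the password position makes net use prompt for the password
rem (input is not echoed), so no password is stored in this file.
net use x: \\%SERVER%\ShareName1 * /user:%DOMAINUSER%
if errorlevel 1 goto failed
rem Further shares on the same server reuse the session just established.
net use y: \\%SERVER%\ShareName2
if errorlevel 1 goto failed
net use z: \\%SERVER%\ShareName3
if errorlevel 1 goto failed
echo Drives mapped.
exit /b 0

:failed
echo Mapping failed. System error 1326 means the user name or password was rejected.
exit /b 1
```

It uses only commands available on the Windows XP client (ping, find, net use), so it can be run by hand or from the VPN client's script hook if that hook provides an interactive console for the password prompt.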
