SonicWall Global VPN Client - issues connecting to LAN resources

I recently started using a SonicWall NSA2400 and have enabled VPN, connecting users with SonicWall's GVC. Users are able to successfully create the tunnel and ping addresses on the LAN. When trying to access local resources, either mapped or using \\LAN_Resource\sharename, users are either prompted for a username and password or the LAN resource is unable to be located. However, if I attempt to access the LAN resource by \\IPADDRESS\sharename, resolution works. Further, when attempting to start Outlook the user is also prompted for U/N and P/W. In some cases the username and password are denied. Checking the logs, the following errors are present:
Source: LSASRV Category: SPENGO (Negotiator) Event ID: 40961 Description: The Security System could not establish a secured connection with the server cifs/192.168.0.17.  No authentication protocol was available.
Source: LSASRV Category: SPENGO (Negotiator) Event ID: 40960 Description: The Security System detected an attempted downgrade attack for server cifs/192.168.0.17.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".
mschi6317Asked:

fbcbloodcenterCommented:
You could try to enable netbios over the vpn and see if that makes a difference
0
mschi6317Author Commented:
Yes, I already thought of that and it's enabled.
0
fbcbloodcenterCommented:
running latest firmware/vpn client versions?
0

mschi6317Author Commented:
Yes in fact I just updated firmware this afternoon.
0
Cas KristCommented:
Pls try the 'IP Helper' (under Network tab). Enable the IP helper, also enable 'Netbios'.
iphelper.png
0
mschi6317Author Commented:
I have enabled this feature and will begin testing.
0
mschi6317Author Commented:
Caskrist, to the best of your knowledge would it make any difference if I changed the properties of the GVC network adapter?  Image included....


ip-helper.docx
0
Cas KristCommented:
I have never done such a thing. You can also check the settings of your WAN Group VPN if Netbios is enabled. (I'm not sure if you have checked that yet).
WANVPN.png
0
mschi6317Author Commented:
Yes, I already have this setting selected. So now I have both IP helper and the netbios settings enabled. My affected user is still experiencing the same issue.
0
Cas KristCommented:
Is this only occurring with one user, or all the users?
Does the user get his ip address via DHCP, and if so, what is the DHCP server? (server or sonicwall)
When you look at the output of ipconfig /all on the affected PC, are the WINS and DNS servers OK?
0
Cas KristCommented:
By the way, the SSLVPN function is cool too, especially with the 5.6 firmware. You can use the Netextender to create a GVC-like VPN connection. But that is a whole other issue.
0
mschi6317Author Commented:
IP address is issued by DHCP server on Sonic Wall.  Setup a range of addresses outside of my subnet.  The WINS and DNS servers are OK.
0
Cas KristCommented:
You should be able to use addresses from within your subnet (most of the times I do), see if this helps. I believe NETBIOS cannot be routed, not sure though.
Create a small range (which has been excluded on your server's DHCP services) and apply that one to the Sonicwall DHCP server.
0
mschi6317Author Commented:
I created the VPN address group because IP addresses that were already in use on my local subnet were being issued to the incoming VPN connections. Further, I'd rather have a separate range for machines connecting from outside the firewall. I contacted Sonic Wall this afternoon and was able to speak to someone from North America, although still not 100% helpful. They suggested making the changes I mentioned to the NIC and also configuring LDAP under user settings. I am going to try this next.
0
Cas KristCommented:
OK, let us know please.
0
mschi6317Author Commented:
I tried configuring LDAP as per the documentation provided by Sonic Wall but I still cannot get the sonic wall to communicate with the LDAP server. The LDAP configuration is presenting a whole set of issues which I am trying to address currently. For instance, using ldp.exe I am able to connect on 389 but not on 636 as suggested by sonic wall in the config docs.
0
mschi6317Author Commented:
I was able to get this to work by changing the LDAP settings on the sonic wall firewall to use port 389 and turn off SSL, which isn't the way it will stay, but I am able to access MS AD now whereas before I was not. So technically it is working, but I have a little more to do on my end on the DC to make LDAP more secure and use port 636. Issue solved.
0
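For the remaining step of moving the firewall's LDAP binding from 389 to 636, the check below separates "port 636 is not reachable" from "port 636 is open but the TLS handshake or certificate fails". It is an added example, not part of the original thread; the function name `Test-LdapPort` and the host `dc01.example.local` are placeholders.

```powershell
# Added example: compare plain LDAP (389) with LDAPS (636) on a directory server.
# 'dc01.example.local' is a placeholder; use the server's FQDN.
function Test-LdapPort {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636,
        [switch] $Tls,          # attempt a TLS handshake after the TCP connect
        [int] $TimeoutMs = 3000
    )
    $result = [ordered]@{
        Server = $Server; Port = $Port; TcpOpen = $false
        TlsOk = $null; ChainTrusted = $null
        CertSubject = $null; CertExpires = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: can we reach the port at all?
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect timed out" }
        $client.EndConnect($async)
        $result.TcpOpen = $true

        if ($Tls) {
            # Step 2: handshake only. The callback accepts any certificate so that it
            # can be inspected; no bind is performed and no credentials are sent.
            $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
            $ssl.AuthenticateAsClient($Server)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            # Step 3: would this machine trust the certificate chain the server presented?
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $result.ChainTrusted = $chain.Build($cert)
            $result.CertSubject  = $cert.Subject
            $result.CertExpires  = $cert.NotAfter
            $result.TlsOk        = $true
        }
    }
    catch {
        $result.Error = $_.Exception.Message
        if ($Tls -and $result.TcpOpen) { $result.TlsOk = $false }
    }
    finally { $client.Close() }
    [pscustomobject]$result
}

Test-LdapPort -Server 'dc01.example.local' -Port 389
Test-LdapPort -Server 'dc01.example.local' -Port 636 -Tls
```

`TcpOpen = False` on 636 means nothing is listening or the port is filtered on the path, while `TcpOpen = True` with `TlsOk = False` means the listener is there but the handshake failed.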
