Domain users across VPN can ping server but not connect to shared drives

Posted on 2011-05-06
Last Modified: 2012-05-11
Recently installed OpenVPN, which is part of our Untangle UTM gateway for the site.  The VPN connects and works as far as being able to ping any machine in the network, browse an internal IP for a web app, or even RDP to other servers in the network.

When you try to connect to a server that has file shares on it we get (ipx.x.x.x\shared The system detected a possible attempt to compromise security. Please ensure that you contact the server that authenticated you.)

The VPN is launched after the user logs in to a domain profile on the laptop they are working from.  I do not know if this is an issue that the system does not think that the user is authenticated or what?

We have deleted the drive maps from the individual machine and tried to put them back in, but since we cannot connect, the system will not allow us to put them in.

With a Start > Run to \\ip.x.x.x.\shared the system asks for a username and password.  Using proper domain credentials, it will not connect.

For testing I logged off the domain user and then onto the machine as a local account Administrator and tested and it all worked fine.  When connecting to the ipx.x.x.x\shared from the RUN command it asked for username and password.  Gave it the same domain users account credential as above and it worked.  Shares work the whole 9 yards.

What is blocking or keeping this from coming through?  I have another client with the exact same setup just different domain and it works perfectly.

There have been nothing but problems from the get-go with this new client: DEAD Exchange server, BAD BDC that died and was not removed, same with the old Exchange server not being removed, upgraded Exchange 2003 to 2010 but none of the add-on options or databases were upgraded, etc. Exchange was removed to an outsourced solution, BDC removed properly, and cleanup of AD etc. I have done everything short of recreating the domain from scratch.  DCDIAG shows no errors for the domain.

Open to any and all suggestions.

Question by:X-spook
    LVL 8

    Expert Comment

    Looks like you are accessing a share on a different domain - if so, is there a trust between these two domains?

    Author Comment

    Only the one domain listed in DNS server.  When I searched I read that too and was puzzled as to why the machine would think that it is trying to access another domain other than the parent.  No child domains.
    LVL 8

    Expert Comment

    Fine. So no other domains. And it does work with an administrator account?

    Accepted Solution

    Did not work with the admin account either.  The only account that would work is a non domain account on the local machine.

    I found the problem.  MS VPN was enabled at one time on the 2003 PDC and there was a loopback adapter enabled.  Disabled the loopback, and checked and the firewall service was not running.  So changed that and then disabled the firewall.  Before disabling I checked that the rules for file and printer sharing allowed inbound traffic, and boom it started working.

    Lesson learned on old 2003 server to never believe that the service is off and allowing all traffic.

    Thanks for your time.

    Author Closing Comment

    My solution is what fixed the problem.
