Solved

remote vpn client - do i need isaclient software tool

Posted on 2012-03-19
17
624 Views
Last Modified: 2013-12-04
hi ive been reading this 'ee site' which has now confused me:

http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_23112217.html

i can successfully logon remotely via my laptop xp vpn connection via my isa 2006 firewall.

my network places - locates my 'domain icon' but it is empty!!!!

ive currently been looking at 'dfs', but need to know if this is correct!!!!!!

http://www.windowsnetworking.com/articles_tutorials/windows2003-distributed-file-system.html

question 1.  how can i access files on my master dc ?
0
Comment
Question by:mikey250
  • 7
  • 6
17 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 37748256
Network Places has nothing to do with networking (in spite of the name).

Network Places is nothing more than a display of the contents of a Browse List.  

The Browse List is built by the Master Browser

The Master Browser is chosen by the browser Election Process

The whole mess runs under the Computer Browser Service.

Bottom Line,...forget it,...it means nothing.  It has nothing to do with the network functioning or not functioning.  Just make sure the Client gets a proper DNS and WINS setting via DHCP when they connect.  Then the Computer Browser stuff,...will either work,...or it won't,....and it if doesn't,...then it isn't.   If the user's machine is a Domain Member then you may make headway,...but if it is not a Domain Member or is a user's personal "home" machine then you are wasting your time.
0
 

Author Comment

by:mikey250
ID: 37748336
im aware 'network places' has nothing to do with networking as such!   I can see my 'domain icon' is what i mean't!

my laptop machine was joined to the domain successfully, but now i wish to allow the same laptop to access files via a vpn from home.

my laptop does not logon via a domain as it logs on locally which i do realise!!!

i have also read that a machine that is not part of the domain at home will not allow the vpn to see files!!! ok

i then read and installed 'dfs' as the proper way, but still my laptop vpn does not see my 'gpo/user configuration/redirectfolder as configured!  i assume from your comments then that my gpo will not hold any relevance in this case ?

maybe i should add publishing:

- dns server
- http publishing

can you help me ?
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 500 total points
ID: 37748487
There are issues with GPOs working over "Dialup Technology",...and VPN is a "Dialup Technology".   Sorry, I don't have any additional details on that.

Any machine can access Shares over the VPN (even if not a Domain Member) by just going to the Run Line and typing two backslashes followed by the target machine name or IP

\\mytargetmachine

It will list the shares on that machine.   It will be sluggish,...don't expect high-performance.

You may or may not be prompted for credentials when doing that,...it just depends on all the exact little gory details of the specific situation.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 500 total points
ID: 37748506
Run Line and typing two backslashes followed by the target machine name or IP
\\mytargetmachine


I handle that at our place by having a pre-created Shortcut on the All User's Desktop that point to the FileServer that contains all the resources they need.  They then just doubleclick on the shortcut instead of manually typing it on the Run Line.
0
 

Author Comment

by:mikey250
ID: 37748595
hi,  i really appreciate the responses!!!!!!!!!!!!!!!

i have used my laptop at my friends house and plugged a cable into their sky hub and successfully logged onto my vpn, but i never did:  \\mytargetmachine or\\x.x.x.x, as i thought i would have to 'browse' to it.

if i have a successful vpn at my friends house are you saying i should be able to \\mytargetmachine or \\x.x.x.x  ?
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 500 total points
ID: 37748613
if i have a successful vpn at my friends house are you saying i should be able to \\mytargetmachine or \\x.x.x.x  ?

Yes.

"Browsing" is worthless.  Forget "browsing",...you're wasting your time with it.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:mikey250
ID: 37748708
browsing  - no browsing i never knew this!!!!!! no has told me this!!!!!!!!

i have tried both via my laptop/mobile phone:

- \\isa2006-serv.cogs.local - did not work
- \\pdc01.cogs.local - did not work - master dc
- \\10.0.0.10 - did not work - master dc

i will have to go to my friends and retry!!!!!
0
 

Author Comment

by:mikey250
ID: 37800225
hi pwindell,  well i did what you said ie do:  \\servername\share ie: \\pdc01\home - but still failed via vpn at friends house.

if i logon my master dc: \\pdc01\home - is successful
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 500 total points
ID: 37801108
It's busy around here,..gonna be hard for em to keep up,....

But try it with "IP#" as a test.

I need to review you whole thread again,  but it busy around here today.  I'll try to keep up as best I can.
0
 

Author Comment

by:mikey250
ID: 37801191
hi oh thanks for replying back 'no problem'!!!

hi yes by adding my ip address ie: \\x.x.x.x - it was successful

ive now got one more step to complete and thats being able to save files in my shared folder:

d:\home - shared full access - cannot gain access
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 500 total points
ID: 37808515
hi yes by adding my ip address ie: \\x.x.x.x - it was successful

It is because making the VPN connection by itself does not provide Name Resolution.  That has to come from DNS or WINS.    Because VPN Clients are not true DHCP Clients you do not get those items when you connect.  If you are using RRAS (or ISA or TMG) to do the VPN then you have to add the DHCP Relay Agent to RRAS.  It is considered a "Protocol",...so you have to add it to RRAS as a "new protocol".  If you are using something else like a Cisco ASA, or whatever,...I don't know what to tell you there.
0
 

Author Comment

by:mikey250
ID: 37816571
hi pwindell,

i did originally add in 'isa2006/rras' the 'dhcp relay agent' as was prompted to do so when i was troubleshooting sometime ago, when i was configuring isa 2006 remote vpn.

i then removed one by one extra configurations i had added while troobleshooting and also re-confirmed step by step the remote vpn laptop still logged on successfully which it does!!  all good!!!:))

I then decided to remove the 'dhcp relay agent' and my remote vpn laptop still logs on successfully!!!! all good so far!!!!:))

I can successfully now see 4 folder below: (i expected only to see the 'home folder')!!

after logging on via remote vpn laptop again i opened up shared folder as usual and can now see 5 files i originally added from the (main shared folder) although i was only expecting to see the expected 'shared home folder' as mentioned, but instead i see below:

as expected:

- home folder - can now open access and save files and drag and drop files from laptop on my master domain controller via my vpn where shared test temporary shared 'home folder is located.  successfully

not expected to see folders below: why ?

- redirection folder - no access - although i have not shared - so was not expecting to see this folder anyway ?

- netlogon - i can open but folder is empty - i have not shared this folder and was not expecting to see this folder anyway ?

- redirectfolder - i have shared this folder but not for 'vpn users', although i cannot open it but this makes sense, but why do i still see it ?

- sysvol - i have not shared this folder but i can open this folder and see a file called 'domainname.local' and sub folders within, but was not expecting to see this folder at all ?
0
 

Author Closing Comment

by:mikey250
ID: 37905061
i appreciate the advice although i did remove 'dhcp relay agent' just to see and for some unknown reason i can still logon via my laptop connected via usb cable to my laptop/vpn to my master dc where i have temporarily shared: d:\vpn users for eg.

i do have only one outstanding nic array issue regarding my internal lan: 10.0.0.0 -10.0.0.255 not being recognised in the routing or something like that.  so as a result i receive an intermitant isa firewall loss of connectivity even though it resyncs itself back online as clients still receive internet access.

i will have to add it back and see!!

appreciated!!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now