Solved

Windows 7 VPN to Windows 2008 SBS

Posted on 2012-04-13
Last Modified: 2012-05-15
Hi all,

I have a weird problem,

I have users VPN'ing in to Windows Server 2008 SBS. The problem started when their offline documents were not syncing when connected to the Windows VPN (RAS).

When I log on to the remote user to troubleshoot, I can resolve server name over VPN, do nslookup on IP address of server, and ping server FQDN over VPN, all works fine!

When I \\server, I only see the user's offline files (the ones that are cached on the client computer that VPN's).

When I \\192.168.255.5 (the server IP) then it tells me after like 10 seconds that it can't connect to that IP. But that same IP I can ping, nslookup and resolve the server name to that IP, all works fine.

When I VPN in to the server, and do an ipconfig /all, the following routes are in place:


Before the VPN is formed:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.27     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.27    281
     192.168.1.27  255.255.255.255         On-link      192.168.1.27    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.27    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.27    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.27    281
===========================================================================
Persistent Routes:
  None


AFTER the VPN is formed:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.27     25
   123.123.123.123  255.255.255.255      192.168.1.1     192.168.1.27     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.27    281
     192.168.1.27  255.255.255.255         On-link      192.168.1.27    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.27    281
    192.168.255.0    255.255.255.0   192.168.255.28   192.168.255.16     26
   192.168.255.16  255.255.255.255         On-link    192.168.255.16    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.27    281
        224.0.0.0        240.0.0.0         On-link    192.168.255.16    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.27    281
  255.255.255.255  255.255.255.255         On-link    192.168.255.16    281
===========================================================================
Persistent Routes:
  None



IPconfig Information:


PPP adapter VPN - test:

   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : VPN - test
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.255.16(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.255.5
   NetBIOS over Tcpip. . . . . . . . : Enabled


I can't \\server or \\serverIP and I know this is the reason the file sync is not working. I can do everything else: nslookup on the server IP, ping the server, tracert the server name and IP and resolve the server name. But I just can't browse file shares on the server by IP or server name. There are two servers on the remote VPN site, and both servers give me the same conclusion as above. I just can't browse share names on any of the remote servers over the VPN.

I have run ipconfig /flushdns and restarted the computer many times, nothing!

I have even, in the network location, changed the order of the network cards so dial-up is above all (first) in order to use it to try and resolve names. I have used the administrator credentials for the VPN and the user's own credentials, still nothing. (Both these credentials work from my PC at the office) so it is not a file share permission problem.

When I try and do it from another computer (My work PC) it works, I can \\server and \\server IP address over the VPN.

Any assistance would be appreciated!

Scrooge
0
Comment
Question by:wimpie_asg
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37844464
>>"I cant \\server "
Does \\server.domain.local\  work?

If so try adding the domain suffix to the client machine as per:
http://blog.lan-tech.ca/2011/05/14/vpn-client-name-resolution-2/
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 37844559
RobWill,

Thank you for your response,

I have tried \\server.domain.local and the outcome was the same as when I do \\serverIP: it takes about 5 seconds and says network location is unavailable.

But I can do \\server and see just the user's offline files and nothing else. There are supposed to be more network folders / shares but I can only see the user's offline folders when \\server.

I don't have an issue resolving any hostname over the VPN, it is just when browsing that I can't see anything, only that which is cached and nothing else. And the fact that when I try \\serverIP it returns an error, network location not available, "Diagnose problem now" and then Windows finds no errors.

Scrooge.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37844569
On a different note, often with offline files and folder redirections the policies are not applied with VPN's due to slow links.  There are slow link detection policies that you can enable to assist with this.
http://technet.microsoft.com/en-us/library/cc781031(v=ws.10).aspx
0

 
LVL 77

Expert Comment

by:Rob Williams
ID: 37844588
One of the issues when using a software VPN client is you are connecting with cached credentials as the server is not available at logon.  This may be part of the problem.
As mentioned near the end of the link above, if a Windows VPN, at logon there is an option to logon with a dial up connection, then select the VPN, this will allow proper domain authentication and Group Policy processing, though the slow link detection policies usually have to be enabled.
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 37844731
Hi,

With Computer Configuration\Administrative Templates\System\Group Policy I noticed under the help that there is also a setting under Computer Configuration\Administrative Templates\System\User Profiles that says "do not detect slow network connections".
If I enable this, will this not be better than specifying a slow connection speed? The user is not in the same country as where she VPN's to, she VPN's from a different country, so I don't know what speed to enter under the slow network speed. Will disabling this option be better?

Scrooge.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37845067
The problem that exists is if the connection is slow, less than a typical LAN, logon completes before authentication and GP is applied.  You want to "detect slow networks" so that the connection waits to complete.

Other policies that are also useful in tweaking this are:
Computer Configuration | Administrative Templates | System | Logon  | Always wait for the network at computer startup and login
Computer Configuration | Administrative Templates | System | Scripts | Run logon scripts synchronously
Computer Configuration | Administrative Templates | System | Group Policy | Group Policy slow link detection
Newer systems (Win7):
Computer Configuration | Administrative Templates | Network | Offline files | Configure slow-link mode.
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 37845788
Hi all,

Thank you so much for your input and valuable time, this is much appreciated.

I have made the appropriate changes, also after reading up more on the values to add etc. I do a gpupdate /force and get the following result, most probably because the UNC to the server is not available for updating, but I also restarted the computer for good measure. I get the following error when doing a gpupdate:

Updating Policy...

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows attempted to read the file \\server.local\SysVol\DOMAIN.local\Policies\{aaaaaaaaa-F281-4391-AC81-62089093A809}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\server.local\SysVol\DOMAIN.local\Policies\{aaaaaaaa-27B9-411E-94EC-626058E8ED41}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

Needless to say, when I \\server or \\serverIP nothing, still the same thing. It is as if the whole computer is working in "OFFLINE MODE" from the network, similar to a server tombstone mode. It is a whole ripple effect I think caused by the same issue. I still can resolve hostnames by ping or nslookup or FQDN to the server IP and server NAME. But I cannot browse the server, nor anything else on the remote network after VPN. I can even RDP in to the local IP of the server from the VPN client on the local IP of the server.

Any further assistance would really be greatly appreciated.

Scrooge.
0
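The symptoms in the post above (ping, DNS and RDP work over the VPN, but \\server and the SysVol read do not) can be narrowed down by testing the SMB ports directly. This is an added example, not part of the original thread; `Test-TcpPort` is a hypothetical helper, the port list is an assumption, and only the server address comes from the question.

```powershell
# Added diagnostic sketch; not from the thread. Run on the VPN client once the
# VPN is connected. Uses only features present in PowerShell 2.0 (Windows 7).
$Server = '192.168.255.5'   # server address quoted in the question
$Ports  = @{ 445 = 'SMB direct'; 139 = 'NetBIOS session'; 3389 = 'RDP' }  # assumed list

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'timeout'              # no answer at all within the timeout
        }
        $client.EndConnect($pending)      # throws if the connection failed
        return 'open'
    } catch {
        return 'refused or unreachable'
    } finally {
        $client.Close()
    }
}

# A successful ping or nslookup says nothing about TCP 445, so test each port.
$results = $Ports.Keys | Sort-Object | ForEach-Object {
    New-Object PSObject -Property @{
        Port = $_; Service = $Ports[$_]; Result = Test-TcpPort $Server $_
    }
}
$results | Select-Object Port, Service, Result | Format-Table -AutoSize

# Client-side services that share browsing and Offline Files depend on.
Get-Service LanmanWorkstation, CscService |
    Select-Object Name, Status | Format-Table -AutoSize

# Reading the output:
#   3389 open, 445 timeout   -> SMB is being filtered between client and server
#                               (check the firewall profile applied to the VPN adapter).
#   445 open, \\server still -> the network path is fine; look at the client side
#   shows cached files only     (Offline Files working offline, cached-credential logon).
```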
 
LVL 3

Accepted Solution

by:
wimpie_asg earned 0 total points
ID: 37845817
Hi,

This is exactly what my problem is, but this article is for Windows XP, and does not apply to Windows 7.

http://support.microsoft.com/kb/290523

This is exactly the issue I am having. Any idea how I can fix this on Windows 7?

Scrooge.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37863265
The article states: "This behavior can occur if you initially logged on to the computer with cached credentials". As I mentioned earlier: "One of the issues when using a software VPN client is you are connecting with cached credentials as the server is not available at logon.  This may be part of the problem. As mentioned near the end of the link above, if a Windows VPN, at logon there is an option to logon with a dial up connection, then select the VPN, this will allow proper domain authentication and Group Policy processing,"
0
 
LVL 3

Author Closing Comment

by:wimpie_asg
ID: 37969281
.
0

Question has a verified solution.