With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!
Course Of The Month
5 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Unable to access shares using VPN (L2TP over IPSec )
Posted on 2013-11-13
Hi Could someone tell me how to get a fix for the following issue
I am doing VPN into my network using L2TP over IPSec into the SBS server. I have a Cisco VPN server
It uses different account to connect to the cisco VPN does not use domain accounts
When i try open shares
\\<hostname> i get access denied , user does not have permissions
I researched and added Authenticated Users into the Builtin-->Windows Authenticated Access group (something like that ) ..then it gave me the user account was not found.
As per the netmon trace , its giving me KerberosV5 error and it is passing the VPN account credentials when it tries to access the shares. Thats why it is getting access denied. Is there a way to pass domain credentials instead of passing the VPN account credentials. It takes in this settings automatically. Please share some of your thoughts.
Thanks You.
PS: Able to access shares via FQDN and IP address also was able to map a drive using the net use command
net use z: \\<hostname> /user:domain\username password
Command executed successfully so definitely it is a problem with those vpn account credentials being passed on
I am doing VPN into my network using L2TP over IPSec into the SBS server. I have a Cisco VPN server
It uses different account to connect to the cisco VPN does not use domain accounts
When i try open shares
\\<hostname> i get access denied , user does not have permissions
I researched and added Authenticated Users into the Builtin-->Windows Authenticated Access group (something like that ) ..then it gave me the user account was not found.
As per the netmon trace , its giving me KerberosV5 error and it is passing the VPN account credentials when it tries to access the shares. Thats why it is getting access denied. Is there a way to pass domain credentials instead of passing the VPN account credentials. It takes in this settings automatically. Please share some of your thoughts.
Thanks You.
PS: Able to access shares via FQDN and IP address also was able to map a drive using the net use command
net use z: \\<hostname> /user:domain\username password
Command executed successfully so definitely it is a problem with those vpn account credentials being passed on
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
5 Comments
Active 1 day ago
If the FQDN works then it sounds like the domain suffix is not being added to the host name. When using a Windows VPN you can do so under the advanced TCP/IP properties of the DNS tab of the NIC configuration for the VPN/PPP virtual adapter, by adding the domain suffix (e.g. mydomain.local) in the "use this domain suffix for this connection". I don't know that you have this option with the Cisco VPN client, but the Cisco admin should be able to push that out with the deployment package, or VPN DHCP scope options.
I tried putting the DNS suffix for the VPN connectroid but that din't work I will see the options on the VPN server though
It was caching the cisco vpn credentials we removed the cached credentials from Credential manager from Control panel issue resolved.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month5 days, 18 hours left to enroll
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.