Re: Cannot Access UNC Shares over VPN


I'd be interested to know if you still have the issue once you get name
resolution corrected. Typically, you'd want your netscreen to hand out the
IP address and name resolution server (your domain controller in many
instances, but at least your internal name resolution servers (DNS, WINS)).
That gives the consistency you need.

Just to replay this and make sure I have this correctly, you have the
following problem:
When connected to the corporate network (physically) you have no issues with
the home drive being mapped.
When connected to the corporate network (via netscreen) only domain
administrators are able to map the drive.

Is that correct?

That last bit about the domain administrators makes me wonder. Domain admins
might have different permissions to look at the shares based on your
application of rights. That may not tell you much depending on how you
connected.

I'd be curious if you can map the drive with alternate credentials i.e. log
into the workstation and the vpn as the user. Map the drive to the user's
home share via alternate credentials.

Same results? I'm trying to rule out the netscreen config and the network
path using this approach.






"Dennis Procopio" <DennisProcopio@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:68E1F123-5390-4B79-ABB5-863F085AC934@xxxxxxxxxxxxxxxx

i have searched the archives...it's a netscreen 5gt to a netscreen 25 vpn.
i had juniper look at the tunnel today and they said that looks fine. i
added some entries to the hosts file today and he said pings still don't
work, but i'm wondering if i saved the file...

the old admin said he always had to do that with the juniper vpns. also
upped the mtu but i have to do it on his side too.

"Al Mulnick" wrote:

What vpn appliance are you using?

This rings a bell for some reason..... I've seen this but can't recall the
problem. I want to say it was something to do with name registration but
can't quite recollect at the moment.

You may want to check the archives of some of the newsgroups out there and
see if you come across the same issue.

Just seems familiar for some reason.


"Dennis Procopio" <DennisProcopio@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:3BD98AA6-2092-4C09-86A4-6396BC09765C@xxxxxxxxxxxxxxxx
I have a domain laptop that is used on both the local corporate LAN and over
a dynamic VPN tunnel. Outlook and other apps do work over the VPN, but we
are experiencing issues with accessing UNC shares on a Windows 2000 server,
particularly under this user's name and profile. When the user attempts to
access his home folder e.g. (\\servername\share\username), he will receive a
message alerting him that the username and password have already been tried
and failed, and to ensure that the domain controller that authenticated him
is available. To ensure that an authenticating domain controller was
available over the VPN I not only rejoined the workstation to the domain over
VPN, but changed his password via Remote Desktop and successfully logged him
in over VPN.

It seems that as the domain admin I was able to look at UNC shares, but
under his account I cannot. I have also received this message:

The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you.

The share that is most critical is the home folder assigned to him via AD,
and has no problems on the local LAN. Furthermore this folder is
synchronized with My Documents at logon and logoff, and the errors and
authentication prompts take place when trying to synchronize. If he
synchronizes in the office, the data will be available when the unit has no
TCP/IP connection, but as soon as he gets on the VPN the My Documents folder
is empty.

Please note that I recently installed 2 Windows 2003 domain controllers. I
am not seeing any errors from the AD integrated DNS zone. There are
currently 2 W2k3 DC's and 2 Win2k DC's running in Windows 2000 native mode.
I have made all machines Global Catalogs as there seemed to be some issues
with that too. Hope this was readable, let me know what you think.
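
The isolation steps suggested in the reply at the top of this thread (confirm which name servers the VPN hands out, then map the home share with alternate credentials), written out as a batch script to run on the laptop while the tunnel is up. This is an added example, not part of any poster's message; EXAMPLE, example.local, servername, share, username and drive Z: are placeholders, and nltest is assumed to be installed (it ships in the Support Tools on older clients).

```bat
@echo off
rem Added example: isolation checks run from the laptop while the VPN is up.
rem Every value below is a placeholder (assumption), not taken from the thread.
setlocal
set DOMAIN=EXAMPLE
set DNSDOMAIN=example.local
set SERVER=servername
set SHARE=share
set TESTUSER=username

echo == 1. DNS and WINS servers handed out to this client ==
ipconfig /all | findstr /i /c:"DNS Servers" /c:"WINS Server"

echo == 2. Can the client locate a domain controller by name ==
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DNSDOMAIN%
nltest /dsgetdc:%DOMAIN%
if errorlevel 1 echo    No domain controller located: fix name resolution first.

echo == 3. Does the file server name resolve and answer ==
ping -n 2 %SERVER%
if errorlevel 1 echo    No reply by name: repeat the ping by IP address to compare.

echo == 4. Map the home share with alternate credentials ==
rem The * makes net use prompt for the password instead of storing it here.
net use Z: \\%SERVER%\%SHARE%\%TESTUSER% * /user:%DOMAIN%\%TESTUSER% /persistent:no
if errorlevel 1 (
    echo    Mapping failed for %TESTUSER%: repeat with another account to compare.
) else (
    echo    Mapping worked: netscreen config and network path are ruled out.
    net use Z: /delete
)
endlocal
```

Run it once over the VPN and once on the corporate LAN; the step whose output differs between the two runs is where to look.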




