Re: VPN Connected, saw the share but cannot open it

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/27/04

    Date: Sat, 27 Nov 2004 12:50:13 -0600
    
    

    Try creating a local account on the client, to log on to the computer, that
    uses the same credentials as used to log on to the VPN, or if this is a domain,
    configure the VPN client connection [if using the built-in one] to include
    the domain name when logging onto the VPN. I had a similar problem myself
    and tracked it down to the fact that I was logging onto my client computer
    with different credentials than I was using to log on to the VPN. What was
    happening, in my configuration, was that the credentials that I logged onto
    my client computer with were being used to access shares on my network. I
    confirmed this by examining the user that I was connected to the remote
    computer as via Computer Management/shared folders/sessions, which I encourage
    you to try also to see how the VPN user is actually accessing the remote
    computer. I would also enable auditing of logon events on the server
    offering shares where you are having a problem to see what is reported in
    the security logs on that server, to see how the remote user is
    authenticating to that server, and possibly enable auditing of object
    access and then audit the folder that they cannot access for read/list
    permissions for failure, which should generate Event IDs 560 and 562 in the
    security log, giving a clue as to exactly what user is being denied access to
    the folder.

    My guess is that the user is not accessing that computer or shares via the
    VPN as the user you believe him/her to be. Another thing to consider is that
    XP computers can use stored credentials and if the stored credentials have
    the wrong user or password to access a share/computer, the user can be
    denied access. Stored credentials can be convenient until you forget about
    them. --- Steve

    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_vkxx.asp
    http://tinyurl.com/6qlzj -- same link as above, shorter about XP stored
    credentials.

    "frankcvc" <frankcvc@discussions.microsoft.com> wrote in message
    news:B5B23F70-2F3C-439B-A328-DB99ADE4F757@microsoft.com...
    >
    > Thanks, Steve.
    >
    > Let me make sure I understand your point clearly.
    > We have Remote Client--VPN-- Server to Access.
    >
    > I always used the credential to log on to the VPN who has proper access
    > privileges to the Server, though a different credential was used to log on
    > to
    > the remote client.
    >
    > On the same Server we have several shares which the VPN user has access.
    > Interestingly, the user can access some but not others, though it has full
    > access to all shares if logged on to a machine on the LAN.
    >
    > Thanks again.
    >
    > Frank
    >
    > "Steven L Umbach" wrote:
    >
    >> Make sure that the user is logging onto their remote computer with
    >> credentials that allow access to the lan. If you log on to the computer
    >> with
    >> different logon/password than is used to authenticate with the VPN the
    >> user
    >> may be denied access if the user's logon to the computer credentials are
    >> passed to try and access the share which is often the case. Have the user
    >> try to ping the computer offering the share by both its name and lan IP
    >> address to make sure it has connectivity to it and also try to connect to
    >> the share using its lan IP address instead of name as in
    >> \\xxx.xxx.xxx.xxx\share. --- Steve
    >>
    >>
    >> "frankcvc" <frankcvc@discussions.microsoft.com> wrote in message
    >> news:761FE445-0196-4170-B0F5-B4DB56AA2BD2@microsoft.com...
    >> > Have a Windows Server 2003 set up for VPN. Using Windows XP connected
    >> > to
    >> > it.
    >> > Found the server and shares but cannot open them--Access Denied. All
    >> > these
    >> > folders' Share and NTFS permissions are set to Read and write. If
    >> > accessed
    >> > on
    >> > the LAN, these folders are fully accessible by the same user.
    >> >
    >> > Appreciate your help!
    >> >
    >> > --
    >> > Frank
    >>
    >>
    >>
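
Added example (not part of the original thread): a Python triage script for the log review suggested in the reply above, tallying failed Event ID 560 records by client account to show which identity the server is actually denying. The export layout, the sample records and the account names `CORP\vpnuser` and `XPCLIENT\localuser` are constructed assumptions.

```python
import re
from collections import Counter

# Constructed, simplified text export of Security-log records (not real data).
# Field names follow the Event ID 560 "Object Open" description text.
SAMPLE_EXPORT = r"""
Event Type: Failure Audit
Event ID: 560
Object Name: D:\Shares\Accounting
Client User Name: localuser
Client Domain: XPCLIENT
Accesses: ReadData (or ListDirectory)
----
Event Type: Success Audit
Event ID: 560
Object Name: D:\Shares\Public
Client User Name: vpnuser
Client Domain: CORP
----
Event Type: Failure Audit
Event ID: 560
Object Name: D:\Shares\Accounting
Client User Name: localuser
Client Domain: XPCLIENT
----
Event Type: Success Audit
Event ID: 562
"""
FIELD = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.M)

def parse_records(text):
    """Split the export on '----' lines and turn each record into a dict."""
    chunks = re.split(r"^-{4,}[ \t]*$", text, flags=re.M)
    records = [{k.strip(): v.strip() for k, v in FIELD.findall(c)} for c in chunks]
    return [r for r in records if r]

def denied_accounts(records):
    """Count failed object opens (560) per (DOMAIN\\user, object) pair."""
    hits = Counter()
    for r in records:
        if r.get("Event ID") == "560" and r.get("Event Type") == "Failure Audit":
            acct = r.get("Client Domain", "?") + "\\" + r.get("Client User Name", "?")
            hits[(acct, r.get("Object Name", "?"))] += 1
    return hits

def unexpected_identities(hits, expected_account):
    """Denied accounts that are not the account the VPN user meant to use."""
    return sorted({a for a, _ in hits if a.lower() != expected_account.lower()})
```

A denied account that belongs to the client machine rather than to the domain is the mismatch the reply describes: the local logon, not the VPN logon, is being presented to the file server.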

