Re: VPN users not able to map drives using NetBIOS names
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/22/05
- Next message: Steven L Umbach: "Re: Easy RRAS VPN question"
- Previous message: Jimmy Andersson [MVP]: "Re: Replacing domain controller"
- In reply to: Marty S: "Re: VPN users not able to map drives using NetBIOS names"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 12:56:59 -0600
I usually have success if the workgroup name is the same as the domain name
that you are trying to VPN into. The other thing I would try is to populate
the lmhosts and/or hosts files with the name of computers that they need to
access. Of course for that to work the computer IP addresses in the
lmhosts/host files need to be static. You should check those files anyhow to
make sure they do not have any incorrect entries. Another thing to try is to
use the fully qualified domain name of the target computer to access a share
as in \\server1.mydomain.com. Beyond that a packet sniffer on both ends of
the connection would help to see what is going on particularly with NBT
traffic for 137 and 138 UDP and 139 TCP. Netmon is built into server version
and free tools like Ethereal can be used on other computers. I have never
had to do it myself and don't like the use of multiple protocols, but a KB
article from Microsoft for NT4.0 recommends also using netbeui as a possible
solution. If you decide to try that make sure netbeui is first in the list
of binding order for file and print sharing and Client for Microsoft
networks for the VPN client. See the link below. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B176321
"Marty S" <MartyS@discussions.microsoft.com> wrote in message
news:E1C5C4B7-113B-43BA-AE6C-32F2465DD08F@microsoft.com...
> Everything looks the same with both machines. I have read some other
> threads
> where people had the same problem but never seemed to get it working. I
> am
> not sure what else to do at this point. I hate to blow $245 on a
> convenience
> issue.
>
> "Steven L Umbach" wrote:
>
>> It is no problem in that it is the first IP address and often that is the
>> case. Can the VPN clients ping the internal servers after making the VPN
>> connection by their IP address?? Does an ipconfig /all show that they are
>> receiving the correct IP address of the wins server? Does anything in
>> their
>> ipconfig /all look different than the ipconfig /all for your laptop
>> [other
>> than assigned IP address]? Are you using the same VPN client and are they
>> configured that same? If the other computers search for the name of
>> servers
>> in My Network Places does it eventually work? --- Steve
>>
>>
>> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> news:771FBE52-35AC-4F69-8C12-6F82333F80A8@microsoft.com...
>> > IP routing is enabled on the IP tab of the RRAS properties. Yes I can
>> > access
>> > everything via VPN with NetBIOS names using my laptop, which is already
>> > a
>> > part of the domain. The pool for VPN clients is within the same subnet
>> > as
>> > the VPN server. I also checked the filters within the RRAS properties
>> > and
>> > everything looks okay and appears to be set to their defaults? As for
>> > the
>> > IP
>> > address used for the VPN interface, it is the first address out of the
>> > static
>> > pool that I set up for VPN clients to pull from, is that a problem?
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> Using a single physical network adapter in your configuration is fine
>> >> and
>> >> I
>> >> have done it myself with great results. Normally I would say to make
>> >> sure
>> >> that the RRAS server is configured to enable IP routing in the IP
>> >> properties
>> >> of the server in RRAS Management console but I believe you said that
>> >> you
>> >> can
>> >> already access the internal network from your own computer as a VPN
>> >> client
>> >> so it would seem that is already enabled. If not doing so already, try
>> >> to
>> >> ping by the internal network by IP address also instead of just name.
>> >> Input
>> >> and output filters on your internal network adapter or in Remote
>> >> Access
>> >> Policy could also be restricting access to those computers but that
>> >> would
>> >> not be configured by default. I assume the static pool IP addresses
>> >> are
>> >> also
>> >> on the same network as the RRAS server's internal network adapter
>> >> connected
>> >> to the lan. The VPN server itself will be assigned one of those
>> >> addresses
>> >> for the virtual adapter it uses for the VPN server connection that
>> >> would
>> >> be
>> >> different than the actual address of the physical adapter. Just make
>> >> sure
>> >> that IP address is not the same IP address as assigned to the VPN
>> >> client
>> >> as
>> >> I have seen that before. You can check the status/details of the VPN
>> >> connection to see what addresses are used for that connection.---
>> >> Steve
>> >>
>> >>
>> >> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> >> news:108E8272-C389-445D-AC81-B86749F4EC3A@microsoft.com...
>> >> > My server is behind a firewall that forwards the VPN traffic to it
>> >> > via
>> >> > NAT.
>> >> > Is it okay to use a single NIC for this application? I noticed
>> >> > something
>> >> > weird. The only thing i can ping from a non-domain machine
>> >> > connected
>> >> > to
>> >> > the
>> >> > VPN is the RRAS server itself. I get a return ping from one of the
>> >> > IP
>> >> > addresses in the static pool that i set up for RRAS.
>> >> >
>> >> > Marty
>> >> >
>> >> > "Steven L Umbach" wrote:
>> >> >
>> >> >> As I mentioned for the external network adapter connected to the
>> >> >> internet
>> >> >> access should have file and print sharing, Client for Microsoft
>> >> >> Networks,
>> >> >> and netbios over tcp/ip disabled and also in dns the "register
>> >> >> this
>> >> >> connection" should be disabled for the external adapter. Your wins
>> >> >> server
>> >> >> should only be listed on the internal network adapter used for the
>> >> >> lan
>> >> >> and
>> >> >> the internal lan adapter needs to be at the top of the list in
>> >> >> network
>> >> >> connections advanced/advanced settings.
>> >> >>
>> >> >> RRAS servers normally have two physical network adapters unless it
>> >> >> is
>> >> >> behind
>> >> >> a NAT router/firewall connection that forwards VPN connections to
>> >> >> the
>> >> >> RRAS
>> >> >> server's internal network adapter. On one of the client VPN's that
>> >> >> can
>> >> >> not
>> >> >> browse the network run Ipconfig /all to see if they are being
>> >> >> assigned
>> >> >> a
>> >> >> wins server for their VPN connection. I understand that some
>> >> >> "protection"
>> >> >> software installed on a computer such as personal firewalls or even
>> >> >> anti
>> >> >> virus programs can be configured to block over tcp/ip netbios which
>> >> >> will
>> >> >> block the browse service traffic that allows the use of My Network
>> >> >> Places.
>> >> >> Booting into safe mode will bypass such programs but also will
>> >> >> bypass
>> >> >> personal firewalls so do not try such unless the user is also
>> >> >> behind a
>> >> >> firewall device such as a NAT router/firewall. Another thing to try
>> >> >> is
>> >> >> to
>> >> >> have the user name the workgroup their computer is in to the same
>> >> >> name
>> >> >> as
>> >> >> your domain. However if they are a member of another domain do NOT
>> >> >> have
>> >> >> them
>> >> >> do such or they may be locked out from logging onto their
>> >> >> omputer. ---
>> >> >> Steve
>> >> >>
>> >> >>
>> >> >> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> >> >> news:50464294-29F4-4E14-9CFA-A6B828B898F0@microsoft.com...
>> >> >> > Enable BNR is checked. I have two existing WINS servers, one of
>> >> >> > which
>> >> >> > is
>> >> >> > the
>> >> >> > RRAS server. I did have this server set up with dual NIC's, one
>> >> >> > for
>> >> >> > RRAS
>> >> >> > and
>> >> >> > one for regular LAN traffic. The one NIC that is active right
>> >> >> > now
>> >> >> > has
>> >> >> > 5
>> >> >> > IP
>> >> >> > addresses bound to it for some internal web hosting. What is the
>> >> >> > best
>> >> >> > way
>> >> >> > to
>> >> >> > set up a RRAS server, one or two NIC's? If two, then what
>> >> >> > exactly
>> >> >> > do
>> >> >> > you
>> >> >> > have each of them set up to do?
>> >> >> >
>> >> >> > I also wanted to mention that if I take my laptop home, which is
>> >> >> > part
>> >> >> > of
>> >> >> > the
>> >> >> > domain at the office, I can connect to the VPN and ping
>> >> >> > everything
>> >> >> > and
>> >> >> > browse
>> >> >> > as usual. It is only on machines that are not part of the domain
>> >> >> > that
>> >> >> > I
>> >> >> > am
>> >> >> > having the problem. I didn't know if this would make a
>> >> >> > difference
>> >> >> > in
>> >> >> > your
>> >> >> > response or not.
>> >> >> >
>> >> >> > Thanks Steve!
>> >> >> >
>> >> >> > "Steven L Umbach" wrote:
>> >> >> >
>> >> >> >> There is an option in Windows 2003 RRAS that may help. Open the
>> >> >> >> RRAS
>> >> >> >> Management Console and find your server, right click and select
>> >> >> >> properties,
>> >> >> >> go to the IP page and make sure "enable broadcast name
>> >> >> >> resolution"
>> >> >> >> is
>> >> >> >> enabled. If that does not help configure wins server on your
>> >> >> >> network
>> >> >> >> making
>> >> >> >> sure that all the servers are also wins clients. Lmhosts files
>> >> >> >> could
>> >> >> >> also
>> >> >> >> be
>> >> >> >> used, though it makes more sense to use wins if possible due to
>> >> >> >> ease
>> >> >> >> of
>> >> >> >> implementation. Multi homed computers such as RRAS servers
>> >> >> >> should
>> >> >> >> have
>> >> >> >> the
>> >> >> >> internal LAN network adapter at the top of the list in network
>> >> >> >> connections/advanced/advanced settings. The "external" adapter
>> >> >> >> for
>> >> >> >> internet
>> >> >> >> access should have file and print sharing, Client for Microsoft
>> >> >> >> Networks,
>> >> >> >> and netbios over tcp/ip disabled and also in dns the "register
>> >> >> >> this
>> >> >> >> connection" should be disabled for the external adapter. ---
>> >> >> >> Steve
>> >> >> >>
>> >> >> >>
>> >> >> >> ttp://support.microsoft.com/default.aspx?scid=kb;en-us;Q180094
>> >> >> >> --
>> >> >> >> lmhosts
>> >> >> >> for network browsing.
>> >> >> >>
>> >> >> >> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> >> >> >> news:449BB4A6-D7B8-4AE2-8009-0ACFB8F7BE60@microsoft.com...
>> >> >> >> >I have a 2003 Server running RRAS and managing VPN connections
>> >> >> >> >from
>> >> >> >> >empoyees
>> >> >> >> > on their home machines. They connect to the VPN fine but
>> >> >> >> > cannot
>> >> >> >> > use
>> >> >> >> > NetBIOS
>> >> >> >> > names to set up drive shares or browse the network. They
>> >> >> >> > instead
>> >> >> >> > have
>> >> >> >> > to
>> >> >> >> > use
>> >> >> >> > IP addresses. Is there any way around this?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Thanks,
>> >> >> >> > Marty
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
- Next message: Steven L Umbach: "Re: Easy RRAS VPN question"
- Previous message: Jimmy Andersson [MVP]: "Re: Replacing domain controller"
- In reply to: Marty S: "Re: VPN users not able to map drives using NetBIOS names"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
