Re: Mapped Drives over VPN
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Tue, 21 Nov 2006 12:37:22 GMT
Hello Customer,
Thank you for your update.
Based on research for the log, it's mostly the problem about authentication
when the client access remote share folders
When the client tries to access a share on the remote machine, Kerberos
authentication is required. In this process, the client needs to contact
the domain controller to get the ticket. If the DNS setting on the client
machine didn't point to the domain DNS server (usually the DC) it cannot
find the domain controller and cannot get the ticket, which will result in
the error that the you experienced.
When you access remote share folders, you need to authenticate from remote
domain controller, so make sure the client DNS point to remote domain
controller and ensure the VPN connection allow authenticate port (TCP 88
and UDP 88), please connect your VPN vendor for help.
There are several methods to configure DNS:
Method #1
In the client, manually assign the remote DNS sever to the machine.
Method #2
Use the following article to write a LMHOSTS file to manually point to the
DC
314108 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=314108
If the issue persists, please kindly help me collect some information for
further investigation:
1. Is there trust relation between 2 domain controllers?
2. Telnet TCP 88 from local to remote DC, is it success?
3. Gather ipconfig /all from local client.
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: vliffey@xxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: Mapped Drives over VPN
| Date: 20 Nov 2006 01:19:18 -0800
| Organization: http://groups.google.com
| Lines: 181
| Message-ID: <1164014357.942202.213510@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <1163586507.148649.133720@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <$IBExcWCHHA.4372@xxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 212.17.49.115
| Mime-Version: 1.0
| Content-Type: text/plain; charset="us-ascii"
| X-Trace: posting.google.com 1164014364 19898 127.0.0.1 (20 Nov 2006
09:19:24 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Mon, 20 Nov 2006 09:19:24 +0000 (UTC)
| In-Reply-To: <$IBExcWCHHA.4372@xxxxxxxxxxxxxxxxxxxxx>
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 2.0.50727),gzip(gfe),gzip(gfe)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: m73g2000cwd.googlegroups.com; posting-host=212.17.49.115;
| posting-account=-R2WIA0AAADwl6Brg-m5Oc4SSWc4e31F
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed.c
w.net!cw.net!news-FFM2.ecrc.de!uio.no!news.tele.dk!news.tele.dk!small.news.t
ele.dk!feed118.news.tele.dk!postnews.google.com!m73g2000cwd.googlegroups.com
!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:313962
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| SBS server not the issue.
|
| Problem is when users from main office visit remote office.
| They have generally two mapped drives.
| They are unable to authenticate to this drive when in remote site
| across VPN.
| I have visited remote site myself and have been unable to map drives
| either.
| I get following Warning in event viewer....The Security System detected
| an attempted downgrade attack for server cifs/xxxfs01. The failure
| code from authentication protocol Kerberos was "There are currently no
| logon servers available to service the logon request.
| (0xc000005e)"
|
|
| I can ping both domain Controllers in Main office.
|
| Your continued help would be greatly appreciated.
|
| Thanks
| vin
|
| Terence Liu [MSFT] wrote:
| > Hello Customer,
| >
| > Thank you for posting here.
| >
| > From your post, I understand that you cannot connect share drive on SBS
| > server once you disconnect it. If I am off base, please feel free to
let me
| > know.
| >
| > First thing I need to confirm the method which you used to connect and
| > disconnect the drive with you. Please follow this KB:
| >
| > 308582 How to connect and disconnect a network drive in Windows XP
| > http://support.microsoft.com/kb/308582/EN-US/
| >
| > And before you remap the disconnect drive, I suggest that we'd better
| > reboot the client's computer first.
| >
| > Then, I'd like to give you some suggestions based on my experience
| >
| > Suggestion 1:
| > ==========================
| > Please check if you have installed some anti-virus software such as
| > Symantec and Banyan Vines Enterprise Client. Based on my experience,
some
| > anti-virus may lead to such symptoms, so please try to temporarily
remove
| > the anti-virus software to see the result.
| >
| > Suggestion 2:
| > ==========================
| > IMPORTANT: This method contains information about modifying the
registry.
| > Before you modify the registry, make sure to back it up and make sure
that
| > you understand how to restore the registry if a problem occurs. For
| > information about how to back up, restore, and edit the registry, click
the
| > following article number to view the article in the Microsoft Knowledge
| > Base:
| >
| > Description of the Microsoft Windows Registry:
| > http://support.microsoft.com/kb/256986/EN-US/
| >
| > Please go to the location of the registry at:
| >
| > HKEY_USERS\.DEFAULT\NETWORK
| > HKEY_CURRENT_USER\NETWORK
| >
| > Please check if the disconnect drives are listed. We may backup and
remove
| > the subkeys.
| >
| > Then reboot client computer and try to remap the drive you want.
| >
| > In additional, if the mapped drive was disconnected by itself, you can
| > follow the below KB:
| >
| > Mapped Drive Connection to Network Share May Be Lost
| > http://support.microsoft.com/kb/297684/EN-US/
| >
| > If the issue persists, please let me know following points so that I can
| > perform further research on this issue:
| >
| > 1. If all clients in this remote site have same problem?
| >
| > 2. Is this problem happen in local network?
| >
| > 3. Is there any error massage you received when you can not map the
drive?
| >
| > Hope these steps will give you some help. Please let me know the
results so
| > that I can provide further assistance on this problem. I am looking
forward
| > to your reply. Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | From: vliffey@xxxxxxxxx
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Subject: Mapped Drives over VPN
| > | Date: 15 Nov 2006 02:28:27 -0800
| > | Organization: http://groups.google.com
| > | Lines: 25
| > | Message-ID: <1163586507.148649.133720@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| > | NNTP-Posting-Host: 212.17.49.115
| > | Mime-Version: 1.0
| > | Content-Type: text/plain; charset="iso-8859-1"
| > | X-Trace: posting.google.com 1163586512 30473 127.0.0.1 (15 Nov 2006
| > 10:28:32 GMT)
| > | X-Complaints-To: groups-abuse@xxxxxxxxxx
| > | NNTP-Posting-Date: Wed, 15 Nov 2006 10:28:32 +0000 (UTC)
| > | User-Agent: G2/1.0
| > | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1;
| > .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
| > | Complaints-To: groups-abuse@xxxxxxxxxx
| > | Injection-Info: h54g2000cwb.googlegroups.com;
posting-host=212.17.49.115;
| > | posting-account=-R2WIA0AAADwl6Brg-m5Oc4SSWc4e31F
| > | Path:
| >
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!msrtrans!m
| >
srn-in!newshub.sdsu.edu!postnews.google.com!h54g2000cwb.googlegroups.com!not
| > -for-mail
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:312822
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi,
| > |
| > | I have a W2003 AD setup with a number of remote sites.
| > | One of these sites has SBS 2003 installed that serves the 7 employees
| > | fine.
| > | I also have a hot desk setup which is basically a network cable on a
| > | desk that users from main office use to connect up.
| > | However I am having a prob with their mapped drives, they get
| > | disconnected.
| > | I have put server names and IP addresses into local host files on
| > | laptops.(have also tried making entry in DNS on SBS server, but dont
| > | hav it in both at same time)
| > | When I map the drive though with a Domain Admin account it mapps but
| > | then once you disconnect it again and try to reconnect with same
| > | account it wont let you.
| > | Its prob some security thing in XP but I want to get rid of it!!!
| > | There is a VPN between remote site (sonicwall) and main office
| > | (Checkpoint NGX)
| > | and that is working fine as users can access intranet fine and son on.
| > | they can even run an old accounts package that they need from time to
| > | time!!
| > | Can ping everything up there and they can ping everything here.......
| > | Please please help....
| > | Vin
| > |
| > |
|
|
.
- References:
- Mapped Drives over VPN
- From: vliffey
- Re: Mapped Drives over VPN
- From: vliffey
- Mapped Drives over VPN
- Prev by Date: Re: ERROR: Could not create an ICertificate object
- Next by Date: Re: Restore single mailbox using veritas
- Previous by thread: Re: Mapped Drives over VPN
- Next by thread: Re: new sbs 2003 install cannot connect XP pro to domain logon
- Index(es):
Relevant Pages
|
