VPN users cannot see domain shares

[CiD]

Hello


I have a a windows xp machine that succesfully connects to a windows
2003 domain via VPN. Once connected the user gets the correct domain
ip address info, and is able to ping all other computers in the
domain. However, the user is not able to browse any network shares (
Except for the share on the actual vpn server )


To see if it was a permission issue, I tried vping into the server
with the admin log/password. Yet, the problem persist. It cannot be a
security issue since the admin cannot see the shares as well. By the
way,, the vpn server is sitting behind a firewall and the port 1723
and 47 are being forwarded to the vpn server. Any ideas why a domain
user connected to the domain via vpn cannot see any other shares on
the domain?



thanks.


P.S the laptop that is connecting to the vpn server doesnt have my
domain name under its ip configuration.


thanks guys.

 

[Herb Martin]

Hello


I have a a windows xp machine that succesfully connects to a windows
2003 domain via VPN. Once connected the user gets the correct domain
ip address info, and is able to ping all other computers in the
domain. However, the user is not able to browse any network shares (
Except for the share on the actual vpn server )

It's a NetBIOS issue -- so practically it is a WINS issue
probably.

Install WINS server.

Register all machines as WINS clients on their NIC-IP
properties and make sure the VPN server also assigns
it to the machines.

Remember that servers and even DCs need to be WINS
clients as well (also the WINS server itself usually.)

To see if it was a permission issue, I tried vping into the server
with the admin log/password. Yet, the problem persist.

Why would permissions matter? Browsing has never had
anything to do with permissions.

The probably is likely multiple subnets and you cannot
browse across subnets by default (broadcasts don't cross
routers by default.)

It cannot be a
security issue since the admin cannot see the shares as well. By the
way,, the vpn server is sitting behind a firewall and the port 1723
and 47 are being forwarded to the vpn server. Any ideas why a domain
user connected to the domain via vpn cannot see any other shares on
the domain?

As long as the VPN server, AT the network to be browsed, can
browse (aka "see") the network then the clients should be able
to work.

<
http://support.microsoft.com/Defaul...cedesks/webcasts/en/transcripts/wct061003.asp >

 

[CiD]

thank you, thank you!
I greatly appreciate your help and input in this matter.

i have just installed wins on the 2003 server . havent tried the vpn
yet, but i am sure it should work. i have been reading about wins and
vps a lot and your input to my earlier post drove the nail through!
thank you.

i have a question thought, i a\m a bit confused, please pardon my
ignorance.


2003 server has active directory which depends on a proper funtioning
DNS and dhcp in order to work. the dns server gets updated
automatically with ptr records a records and the such whenever a pc
joins the domain.. so why is the dns server not getting updated when a
new client is connecting via VPN?

also from what i gather Dns and wins does about the same thing. one
points domain names to ip address, the other netbios name to ip
address.. this might sound like a stupid question, but to me it sounds
like DNS should take care of the issue for VPN users... why is wins
needed in order to browse shares in the network when connected via
vpn?

once again, many, many thanks!


and merry xmas!

 

[Herb Martin]

2003 server has active directory which depends on a proper funtioning

DNS

Required for AD replication and preferred for AD authentication.

and dhcp in order to work.

Not actually required for AD, just a way to make it easy
to manage the client address assignments.

the dns server gets updated
automatically with ptr records a records and the such whenever a pc
joins the domain..

Only if you properly setup the reverse zone as a dynamic
zone -- which usually isn't even important.

It's the A-host records in the forward zones that really matter,
and mostly for the DCs and other servers.

so why is the dns server not getting updated when a
new client is connecting via VPN?

Probably because neither the VPN interface is not set to
update the entries -- the DHCP server cannot really do it
since the addresses are given to the RRAS (VPN) server.

I haven't tested it, but you might also try enabling the DHCP
relay agent on the VPN-RRAS server since this helps with
some other things. FYI: You cannot run the Relay and the
DHCP server on the SAME machine.

also from what i gather Dns and wins does about the same thing. one

Key word: "About"

DNS does it for Internet names, and WINS resolves NetBIOS names
to IP addresses.

points domain names to ip address, the other NetBIOS name to imp
address.. this might sound like a stupid question, but to me it sounds
like DNS should take care of the issue for VPN users... why is wins
needed in order to browse shares in the network when connected via
vpn?

You need NetBIOS name resolution IF you wish to support
legacy systems (Win9X/NT), or you wish to support legacy
NetBIOS applications on an IP network.

Many people say, "We don't have those", but practically everyone
wants BROWSING to work and Browsing is a Legacy NetBIOS
application.

You need WINS for NetBIOS resolution IF you have an IP
network with ROUTERS or MULTIPLE Domains.

(Technically, you could use LMHosts files instead but it's
not worth the trouble.)

There are also a handful of other reasons that Win2003 domains
need NetBIOS/WINS to work, including some Cluster, Exchange,
and TRUST issues.

External Trusts need NetBIOS resolution.

Practically: You need WINS Server(s) if you have a Microsoft
network of more than one subnet or more than one domain.

once again, many, many thanks!

You are welcome.

--
Herb Martin

thank you, thank you!
I greatly appreciate your help and input in this matter.

i have just installed wins on the 2003 server . havent tried the vpn
yet, but i am sure it should work. i have been reading about wins and
vps a lot and your input to my earlier post drove the nail through!
thank you.

i have a question thought, i a\m a bit confused, please pardon my
ignorance.


2003 server has active directory which depends on a proper funtioning
DNS and dhcp in order to work. the dns server gets updated
automatically with ptr records a records and the such whenever a pc
joins the domain.. so why is the dns server not getting updated when a
new client is connecting via VPN?

also from what i gather Dns and wins does about the same thing. one
points domain names to ip address, the other netbios name to ip
address.. this might sound like a stupid question, but to me it sounds
like DNS should take care of the issue for VPN users... why is wins
needed in order to browse shares in the network when connected via
vpn?

once again, many, many thanks!


and merry xmas!



http://support.microsoft.com/Default.aspx?scid=http://support.microsoft.com

/servicedesks/webcasts/en/transcripts/wct061003.asp >

 

[CiD]

you guys ROCK!!!


thanks!!!!!!!

Required for AD replication and preferred for AD authentication.


Not actually required for AD, just a way to make it easy
to manage the client address assignments.


Only if you properly setup the reverse zone as a dynamic
zone -- which usually isn't even important.

It's the A-host records in the forward zones that really matter,
and mostly for the DCs and other servers.


Probably because neither the VPN interface is not set to
update the entries -- the DHCP server cannot really do it
since the addresses are given to the RRAS (VPN) server.

I haven't tested it, but you might also try enabling the DHCP
relay agent on the VPN-RRAS server since this helps with
some other things. FYI: You cannot run the Relay and the
DHCP server on the SAME machine.


Key word: "About"

DNS does it for Internet names, and WINS resolves NetBIOS names
to IP addresses.


You need NetBIOS name resolution IF you wish to support
legacy systems (Win9X/NT), or you wish to support legacy
NetBIOS applications on an IP network.

Many people say, "We don't have those", but practically everyone
wants BROWSING to work and Browsing is a Legacy NetBIOS
application.

You need WINS for NetBIOS resolution IF you have an IP
network with ROUTERS or MULTIPLE Domains.

(Technically, you could use LMHosts files instead but it's
not worth the trouble.)

There are also a handful of other reasons that Win2003 domains
need NetBIOS/WINS to work, including some Cluster, Exchange,
and TRUST issues.

External Trusts need NetBIOS resolution.

Practically: You need WINS Server(s) if you have a Microsoft
network of more than one subnet or more than one domain.


You are welcome.