Can't Map Drive over VPN to Win2K Server but can to XP Pro desktops

[MartiniMurphy]

Seems there are various threads on mapping drives over VPN but none seem to answer this. I have set up a VPN to the network at my office and can connect from home ok but I can’t connect any drives to shares on the Windows 2000 Domain controller. I can connect to shares on the XP Pro desktops with no problem.

The Server is Win2k Small Business Server and is configured as the domain controller running DHCP, DNS, Exchange, SQL Server, etc. The network uses the 192.168.0.0 (255.255.255.0) range of addresses with the first 20 reserved for fixed addresses. The desktops within the LAN are all XP Pro and don’t have any problems connecting to shares on the server during normal network operation. The VPN is using a D-Link DFL-700 Firewall/VPN which comes straight into the network switch. The PC at home is running XP Pro and is using the D-Link client software to connect. The PC is not in the domain and connects to the internet using BT Broadband (U.K. ADSL). I have also tried a 56k dial-up and get the same results.

After connecting with the VPN I can ping the desktops and the server using both IP addresses and the host names (I set up the domain suffix on the client connection). If I connect to shares on the XP Pro desktops then I am prompted for a user id and password which connects if entered ok. The problem is connecting to shares on the Win2K Server. I just get the message ‘network path not found’.

In simple terms, from home I can do ‘net view xxxx’ for the desktops ok (although get the ‘access denied’ message as expected) but for the server I get the ‘network path not found’ message. I have tried using WINS on the server but that seems to make no difference. NetBIOS is enabled on the clients. I am assuming the problem is in the configuration of the NT Server as connecting to the XP Pro machines work. Reading various posts I think it has something to do with WINS or NetBIOS but the fact is I can connect to shares on the XP Pro machines without WINS. (All machines are fully service packed).

 

[Webmeisterus]

For interoperability with the Win XP boxes, you should install NetBEUI on the Win2K server. This is a very common problem with Windows Networking between 2K and XP.

 

[MartiniMurphy]

Ok, I've installed NetBEUI on the server network connection and rebooted the server. I'm still getting the same results. Is there anything I have to do on the VPN client side as well? I have had a look at the protocols in the XP Pro client and NetBEUI wasn't in the list or protocols that could be installed.

 

[MisterTeabag]

Windows Xp had netbui remopved as a protocol it is however on the disk as an option and can be installed. However i am not certain this is your problem.

When working with Sonicwall firewalls and the various clients from 5.1 to the current Global client I have encountered several problems when connectiong stations to network shares. The one thing i had to do was setu a hosts file for name recogniztion or else i had to map drives using the ip address of the server in question. Remember on a file server you are not logged in even though you may be inside the network via the VPN tunnel you ahve to login as a recognized user with premission to shares in order to access them unless you have that wide open in which case that's a huge security risk.

basically create a batch file to run a map to either the ip address and the share or a loginscript to actualy login to the server if possible via the vpn tunnel.

You can try static mapping within windows explorere and have the user name configured properly. Ie with Windows 2k-Xp configure your user account you are connecting with the same as one of the network users you are attempting to login as. If you are the network administrator then configure your local administrator accounts password to be identical as the networks.

try mapping the drives again and then let me know if it works, if not you may need to look at share permissions.

Hope this helps,

Paul

 

[MartiniMurphy]

Solved with the help of the excellent Microsoft support guys. Thanks to all who replied.

The problem was the SMB protocol was not enabled on the Domain Controller and so TCP port 445 was closed. This only seems to affect VPN clients.

The solution was to set
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters\SMBDeviceEnabled to 1

 

[murrayw]

Hi,

I am having the same problem as you - please could you give me some more detail on the reg key and what you did to solve this problem.

Many Thanks,

Murray

 

[MartiniMurphy]

Hi Murray

Unfortunately I out of the office for three weeks (on business) so here's a dump from memory.

There seemed to be so many possible problems that could cause this but the list seems to be:
- Check the basic VPN set up including IP settings (I assume when you say 'same problem' that is all ok and its just one machine you can't access). Make sure you are using NetBIOS on the TCP/IP connection settings. (NetBEUI is a red herring)
- Diagnose using, ping, ipconfig
- Check DNS/WINS, etc
- Trace using netmon or netcap (from MS) between the two end points. Try capturing ping & 'net view xxx'.
- Use DCDIAG (on the DC) & NETDIAG (from MS)
- Try the MPSRPT reports (

http://www.microsoft.com/downloads/...7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en

) for the 'Network' verion
- Check Domain Policy settings (I'm no expert on these)
- Check any firewall setting in the whole path including client, ISP, building, network & server. To eliminate this I connected a VPN client directly into the back of the firewall/VPN to cut out any 'internet issues'
- If still no joy then finally try registry settings. Ones tried were:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpip\parameters\EnablePMTUBHDetect=1 (enables Black Hole router detection)
...and the one mentioned in the previous post, which solved it. I think the reason it was set this way was maybe due to a previous ISA installation which was no longer required due to the switch to the h/w firewall. This opened up port 445 within the VPN which is needed for NetBIOS.

Now you can see why it took so long to solve. Look on Google/Microsoft for help on any of the above tools or Registry entries mentioned.

I assume your using a similar hardware setup (h/w VPN end point) rather than ISA server as I can't comment on that.
(not bad for a memory dump)
Good Luck

 

[MartiniMurphy]

To answer your question directly ... I paid £200 to Microsoft. You pays your money,....