Mapped Network Drives not connecting over VPN

Discussion in 'Windows Vista Networking' started by Don Devenney, Dec 4, 2008.

  1. Don Devenney

    Don Devenney Guest

    I have a rather perplexing issue involving a Vista machine trying to map a
    network drive over a VPN. First, the environment:

    I have a W2K3 R2 domain - servers fully patched, etc, and all XP SP3
    clients. We use Dfs to replicate files between our branch offices and have
    been doing so for almost 2 years. It's stable and working well. I have a few
    road warriors who connect back into the network via a PPTP VPN (yes, I
    know...). After connecting, they run a simple batch file containing Net Use
    commands to connect them to their network drives. This usually works.

    The issue concerns a user - a former employee, now a contractor - who is
    trying to connect into our network and map drives. He's using a Vista
    Business machine that is a domain member of the org. he's now working for.
    The Net Use command will complete, however he won't be able to "drill down"
    in the directory he's mapped to. He gets an access denied error if he tries
    to go lower than: \\serverIP\namespace\sharename. (note that I have to use
    \\ServerIP as I haven't been able to get name resolution for the domain name
    to work over the VPN connection).

    However, if he tries to connect to:
    \\ServerIP\Data\Sharename, where "Data" is the name of the actual directory
    on the server being represented by Dfs, then he can connect and drill down
    through his mapped drives.

    My questions are: a) Any thoughts as to why he can't drill down once he
    gets a drive mapped? He has all the required permissions.
    b) Is it safe to let him work in the actual data directory that Dfs is
    representing?

    Sorry for the long-winded post but I wanted to paint as clear a picture as
    possible.

    Thanks

    Don
     
    Don Devenney, Dec 4, 2008
    #1
    1. Advertisements

  2. Using IP when connecting VPN is OK and many people do that. If you do want
    to use the name, you may want to setup WINS.

    is serverIP is DFS server IP or DC? Posting the result of net view
    \\serverIp here may help.

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
     
    Robert L. \(MS-MVP\), Dec 4, 2008
    #2
    1. Advertisements

  3. Don Devenney

    Don Devenney Guest

    Here's the result of the net view

    C:\Windows\system32>net view \\192.168.2.3
    Shared resources at \\192.168.2.3


    Share name Type Used as Comment

    --------------------------------------------------------------------------------------------
    Data Disk
    Documents Disk
    NETLOGON Disk Logon server share
    PacificSport Disk
    SYSVOL Disk Logon server share
    The command completed successfully

    C:\Windows\system32>_

    The server IP in question is the DFS server, which is also a DC

    "PacificSport" is the virtual Dfs share. Data is the share containing the
    data represented by PacificSport.

    Thanks,

    d
     
    Don Devenney, Dec 4, 2008
    #3
  4. Do you see the sharename and namespace in net share? Or I assume the Data is
    namespace and that is why \\ServerIP\Data\Sharename works.

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
     
    Robert L. \(MS-MVP\), Dec 5, 2008
    #4
  5. Don Devenney

    Don Devenney Guest

    Hi Bob,

    \\ServerIP\Data is the actual share. "PacificSport" is the virtual Dfs
    share. So to re-cap,

    \\serverIP\Data\DesiredFolder works
    \\serverIP\PacificSport\DesiredFolder generates either a Network path cannot
    be found or access denied error. But only on this Vista machine, which is
    why I'm puzzled.

    Don
     
    Don Devenney, Dec 9, 2008
    #5
  6. Don Devenney

    Cyno Guest

    I know this one is old, but the answer is pretty simple. The problem is
    name resolution.

    The answer is to make sure the DNS suffix search has the DNS domains
    for the AD DCs, the domain of the DFS root, and the domain of the share
    server.
     
    Cyno, Apr 17, 2009
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.