No access to WAN network shares over VPN

  • Thread starter Thread starter Robert Fischer
  • Start date Start date
R

Robert Fischer

Dear experts


I have a problem accessing any network shares from "outside the LAN" "Windos
Server 2003"-systems with a "Windows Vista"-system:

Detailed description:
I have a LAN behind a ADSL-Router and in this LAN there are
Vista-Vista-WS1: A Windows Vista Business Edition x64 (English)(current
patch level)
Vista-WS2: A Windows Vista Business Edition x86 (German)(current
patch level)
Vista-WS3: A Windows Vista Business Edition x86 (English)(current
patch level) in a Virtual Machine
XP-WS: A Windows XP Professional Edition x86
(English)(current patch level)
Srv-LAN: A Windows Server 2003 R2 x86 (English)(current patch
level) in a Virtual Machine
The Windows Server is configured as domain
controller, VPN-Server, DNS-Server, File-Server

I have a workplace environment in another site which can be accessed over
VPN:
DC-WAN: A Windows Server 2003 R2 x86 (English)(current patch
level) as Domain Controller
Exchange-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as
Exchange Server
FS-WAN: A Windows Server 2003 R2 x86 (English)(current patch
level) as File Server
VPN-WAN: A Windows Server 2003 R2 x86 (English)(current patch
level) as VPN-Server
Web-WAN: A Windows Server 2003 R2 x86 (English)(current patch
level) as Web-Server

Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect over VPN
with Srv-LAN and can successfully map any share from Srv-LAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect over VPN
with VPN-WAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect with the
Exchange Server Exchange-WAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect with the Web
Server Web-WAN
Vista-WS1, Vista-WS2, Vista-WS3 always fail to map any share from FS-WAN
XP-WS can successfully map any share from FS-WAN


Error messages:
c:\> net use x: \\<fqdn>\share
"System error 1214 has occured. The format of the specified network name is
invalid."
c:\> net use x: \\<NetBIOS-Name>\share
"System error 53 has occured. The network path was not found."
c:\> net use x: \\<IP-address>\share
"System error 53 has occured. The network path was not found."


Any ideas?
Thanks for your support in advance!

Dear regards and a happy new year... :-)




Robert Fischer
 
Dear experts


I have a problem accessing any network shares from "outside the LAN" "Windos Server 2003"-systems with a "Windows Vista"-system:

Detailed description:
I have a LAN behind a ADSL-Router and in this LAN there are
Vista-Vista-WS1: A Windows Vista Business Edition x64 (English)(current patch level)
Vista-WS2: A Windows Vista Business Edition x86 (German)(current patch level)
Vista-WS3: A Windows Vista Business Edition x86 (English)(current patch level) in a Virtual Machine
XP-WS: A Windows XP Professional Edition x86 (English)(current patch level)
Srv-LAN: A Windows Server 2003 R2 x86 (English)(current patch level) in a Virtual Machine
The Windows Server is configured as domain controller, VPN-Server, DNS-Server, File-Server

I have a workplace environment in another site which can be accessed over VPN:
DC-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as Domain Controller
Exchange-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as Exchange Server
FS-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as File Server
VPN-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as VPN-Server
Web-WAN: A Windows Server 2003 R2 x86 (English)(current patch level) as Web-Server

Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect over VPN with Srv-LAN and can successfully map any share from Srv-LAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect over VPN with VPN-WAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect with the Exchange Server Exchange-WAN
Vista-WS1, Vista-WS2, Vista-WS3, XP-WS can successfully connect with the Web Server Web-WAN
Vista-WS1, Vista-WS2, Vista-WS3 always fail to map any share from FS-WAN
XP-WS can successfully map any share from FS-WAN


Error messages:
c:\> net use x: \\<fqdn>\share
"System error 1214 has occured. The format of the specified network name is invalid."
c:\> net use x: \\<NetBIOS-Name>\share
"System error 53 has occured. The network path was not found."
c:\> net use x: \\<IP-address>\share
"System error 53 has occured. The network path was not found."


Any ideas?
Thanks for your support in advance!

Dear regards and a happy new year... :-)




Robert Fischer
 
Hello Admins

Windows Vista requires an open port 139 and NetBIOS enabled on the server to map a server share through a VPN connection - very poor for security!!!
But Microsoft is goin´ to fix that problem, they confirmed!
Best regards

Robert
 
Robert said:
Windows Vista requires an open port 139 and NetBIOS enabled on the
server to map a server share through a VPN connection - very poor for
security!!!
But Microsoft is goin´ to fix that problem, they confirmed!
Best regards

if they'd only hurry up a bit - not being able to use shares over vpn no
matter what begins to really hurt. :(

- thomas
 
May have a solution for this..

I logged it with our MS TSC, and he came up with this new kb article:
http://support.microsoft.com/?id=929853

I found I had to disable IPv6 for the vpn, add the destinations dns suffix
as detailed in the kb article to the dns advanced tab of the vpn connection.

Then I could map a drive to \\machine.doman.local\c$ (for example). It only
seems to work using the FQDN. I have only tried this on a VPN back to the
office (a domain my pc is a member of).



Good luck!
 
fred said:
May have a solution for this..

I logged it with our MS TSC, and he came up with this new kb article:
http://support.microsoft.com/?id=929853

I found I had to disable IPv6 for the vpn, add the destinations dns suffix
as detailed in the kb article to the dns advanced tab of the vpn connection.

Then I could map a drive to \\machine.doman.local\c$ (for example). It only
seems to work using the FQDN. I have only tried this on a VPN back to the
office (a domain my pc is a member of).



Good luck!

thanks for the link.

unfortunately, this doesn't seem to work when the local computer isn't
in the same domain, despite what the KB article says.

in our company, the vpn is set up to use a nonroutable ip space, namely
10.1.1.x. all the servers have assigned two or more ip adresses, where
one of them is public routable, and one of them is from the internal
adress space. the FQDN of the servers point to the public routable ips
instead of the private adress space. this is probably why the KB
solution doesn't work.

if MS only would post some fix to have vpn/ip routing behave the same as
in xp/w2k3...

- thomas
 
Sorry to hear it didn't work for you. I have found the fix to work when
connecting to alternate domains as well as my own though.

I know what you mean about the changes from XP - I have been trying to get
to the bottom of this for months! That's progress....
 
Robert Fischer said:
Windows Vista requires an open port 139 and NetBIOS enabled on the server to
map a server share through a VPN connection - very poor for security!!!
But Microsoft is goin´ to fix that problem, they confirmed!

There is a new hotfix KB933468 which should resolve this issue. I just
installed the hotfix and NetBIOS over TCP/IP is no longer required when
connecting to a network share through a VPN connection.

-Timo
 
Folks,
Windows Vista has a bug wherein it is not possible to access shares on a
machine from a Vista machine if NetBT is disabled on the Vista box or port
139 is blocked. The issue is fixed in SP1 Beta. The fix is also available
from Microsoft support. You can just call them and ask them for the fix. The
KB number associated with the fix is 933468. The title of the problem is
"SMB (port 445) does not bind on Vista over RAS connection "
I have seen many posts on this news group regarding share access
failures from Windows Vista over VPN. Please install this fix. You problem
will be resolved.
If the fix doesnt solve your issue please write to me.

thanks
Aanand
 
Back
Top