Credentials and net use problem after IPSec VPN is build

Hi

I have this problem in two separate systems.

-2003 R2 server domain
-VPN FireWall where IPSec VPN is terminated
-Third Party IPSec VPN Client SW where usernames and pws are same as in the
server
-Net use /persistent:no

After the VPN tunnel is build I try to run "VPNLoginScript.bat" which maps
the drives to shares. For some reason I get this output very often:

net use y: /d
y: was deleted successfully.

net use y: \\192.168.1.10\Share
The password is invalid for \\192.168.1.10\Share.

Enter the user name for '192.168.1.10': MyLoginName@DomainName
Enter the password for 192.168.1.10:
The command completed successfully. <--- I can now open the share but why it
asks credentials?

********************************
If I place user name in the shorter way, I get this:

net use y: \\192.168.1.10\Share
The password is invalid for \\192.168.1.10\Share.

Enter the user name for '192.168.1.10': MyLoginName

To connect DomainName\MyLoginName to 192.168.1.10, press ENTER, or type a
new user name <--- This appears until i give the user name in syntax
MyLoginName@DomainName
**************************

This might be DNS problem but I wonder if there is a way to get rid of these
credentials questions. After all, when I login to a "VPNLaptop" I do give
domain credentials. Why they are asked again?

At least, is there a way to get a graphical Window asking for credentials?

Thanks,

Juha

P.S. The second place where I have this problem has a Radius Win Server and
the FW is a Radius Client for that. The behavoiur is same.

I have tested scripts having some ping, static DNS server settings and
flushdns/registerdns commands but not really happy with them.

Are they logon domain (even they don't connect to domain the domain
physically) using domain credentials? If you logon local computer using
their local username. They may have this issue. Or this post may have more
details.

Can't map network drives over VPN
http://www.chicagotech.net/netforums...hp?p=8355#8355

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Juha" <(E-Mail Removed)> wrote in message
news:0F9B5348-BE5E-4624-9516-(E-Mail Removed)...
> Hi
>
> I have this problem in two separate systems.
>
> -2003 R2 server domain
> -VPN FireWall where IPSec VPN is terminated
> -Third Party IPSec VPN Client SW where usernames and pws are same as in
> the
> server
> -Net use /persistent:no
>
> After the VPN tunnel is build I try to run "VPNLoginScript.bat" which maps
> the drives to shares. For some reason I get this output very often:
>
> net use y: /d
> y: was deleted successfully.
>
> net use y: \\192.168.1.10\Share
> The password is invalid for \\192.168.1.10\Share.
>
> Enter the user name for '192.168.1.10': MyLoginName@DomainName
> Enter the password for 192.168.1.10:
> The command completed successfully. <--- I can now open the share but why
> it
> asks credentials?
>
> ********************************
> If I place user name in the shorter way, I get this:
>
> net use y: \\192.168.1.10\Share
> The password is invalid for \\192.168.1.10\Share.
>
> Enter the user name for '192.168.1.10': MyLoginName
>
> To connect DomainName\MyLoginName to 192.168.1.10, press ENTER, or type a
> new user name <--- This appears until i give the user name in syntax
> MyLoginName@DomainName
> **************************
>
> This might be DNS problem but I wonder if there is a way to get rid of
> these
> credentials questions. After all, when I login to a "VPNLaptop" I do give
> domain credentials. Why they are asked again?
>
> At least, is there a way to get a graphical Window asking for credentials?
>
> Thanks,
>
> Juha
>
> P.S. The second place where I have this problem has a Radius Win Server
> and
> the FW is a Radius Client for that. The behavoiur is same.
>
> I have tested scripts having some ping, static DNS server settings and
> flushdns/registerdns commands but not really happy with them.

"Juha" <(E-Mail Removed)> wrote in message
news:0F9B5348-BE5E-4624-9516-(E-Mail Removed)...
> Hi
>
> I have this problem in two separate systems.
>
> -2003 R2 server domain
> -VPN FireWall where IPSec VPN is terminated
> -Third Party IPSec VPN Client SW where usernames and pws are same as in
> the
> server
> -Net use /persistent:no
>
> After the VPN tunnel is build I try to run "VPNLoginScript.bat" which maps
> the drives to shares. For some reason I get this output very often:
>
> net use y: /d
> y: was deleted successfully.
>
> net use y: \\192.168.1.10\Share
> The password is invalid for \\192.168.1.10\Share.
>
> Enter the user name for '192.168.1.10': MyLoginName@DomainName
> Enter the password for 192.168.1.10:
> The command completed successfully. <--- I can now open the share but why
> it
> asks credentials?
>
> ********************************
> If I place user name in the shorter way, I get this:
>
> net use y: \\192.168.1.10\Share
> The password is invalid for \\192.168.1.10\Share.
>
> Enter the user name for '192.168.1.10': MyLoginName
>
> To connect DomainName\MyLoginName to 192.168.1.10, press ENTER, or type a
> new user name <--- This appears until i give the user name in syntax
> MyLoginName@DomainName
> **************************
>
> This might be DNS problem but I wonder if there is a way to get rid of
> these
> credentials questions. After all, when I login to a "VPNLaptop" I do give
> domain credentials. Why they are asked again?
>
> At least, is there a way to get a graphical Window asking for credentials?
>
> Thanks,
>
> Juha
>
> P.S. The second place where I have this problem has a Radius Win Server
> and
> the FW is a Radius Client for that. The behavoiur is same.
>
> I have tested scripts having some ping, static DNS server settings and
> flushdns/registerdns commands but not really happy with them.

That is pretty much what I would expect. A VPN connection just gives you
connectivity. It does not log you in to the domain, The username and
password you use when you connect is only to authenticate the connection.

When you try to map a share, the credentials used will be from the
original logon to the client machine, not from the VPN connection. You need
to specify your domain credentials on the net use command.

Thanks

Yes they do logon to domain allways. It is funny that the other domain
having this issue has also a win-radius server. When giving credentials to
VPN FW they give domain credentials to FW. In the FW there aren't any user
names or passwords it checks them from win-Radius server. But still they need
to give them again when trying to open a share.

In radius scenario the RRAS is not enabled.

Rgs,

Juha


"Robert L. (MS-MVP)" wrote:

> Are they logon domain (even they don't connect to domain the domain
> physically) using domain credentials? If you logon local computer using
> their local username. They may have this issue. Or this post may have more
> details.
>
> Can't map network drives over VPN
> http://www.chicagotech.net/netforums...hp?p=8355#8355
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Juha" <(E-Mail Removed)> wrote in message
> news:0F9B5348-BE5E-4624-9516-(E-Mail Removed)...
> > Hi
> >
> > I have this problem in two separate systems.
> >
> > -2003 R2 server domain
> > -VPN FireWall where IPSec VPN is terminated
> > -Third Party IPSec VPN Client SW where usernames and pws are same as in
> > the
> > server
> > -Net use /persistent:no
> >
> > After the VPN tunnel is build I try to run "VPNLoginScript.bat" which maps
> > the drives to shares. For some reason I get this output very often:
> >
> > net use y: /d
> > y: was deleted successfully.
> >
> > net use y: \\192.168.1.10\Share
> > The password is invalid for \\192.168.1.10\Share.
> >
> > Enter the user name for '192.168.1.10': MyLoginName@DomainName
> > Enter the password for 192.168.1.10:
> > The command completed successfully. <--- I can now open the share but why
> > it
> > asks credentials?
> >
> > ********************************
> > If I place user name in the shorter way, I get this:
> >
> > net use y: \\192.168.1.10\Share
> > The password is invalid for \\192.168.1.10\Share.
> >
> > Enter the user name for '192.168.1.10': MyLoginName
> >
> > To connect DomainName\MyLoginName to 192.168.1.10, press ENTER, or type a
> > new user name <--- This appears until i give the user name in syntax
> > MyLoginName@DomainName
> > **************************
> >
> > This might be DNS problem but I wonder if there is a way to get rid of
> > these
> > credentials questions. After all, when I login to a "VPNLaptop" I do give
> > domain credentials. Why they are asked again?
> >
> > At least, is there a way to get a graphical Window asking for credentials?
> >
> > Thanks,
> >
> > Juha
> >
> > P.S. The second place where I have this problem has a Radius Win Server
> > and
> > the FW is a Radius Client for that. The behavoiur is same.
> >
> > I have tested scripts having some ping, static DNS server settings and
> > flushdns/registerdns commands but not really happy with them.
>
>

Thanks Bill

How can I specify domain credentials in the script? Surely, I can't code
usernames and passwords in shuch a script. Also, what happends when it is
time to change the win-password.

I wonder if I can start win-pptp-vpn from script before mapping the shares
(in my system the IPSec VPN tunnel is allready open at this point)? If I then
enable RRAS on the server the credentials exchange might be smarter. In such
scenario I run win-pptp-vpn inside the IPSec VPN tunnel.

RGS,

Juha
"Bill Grant" wrote:

>
>
> "Juha" <(E-Mail Removed)> wrote in message
> news:0F9B5348-BE5E-4624-9516-(E-Mail Removed)...
> > Hi
> >
> > I have this problem in two separate systems.
> >
> > -2003 R2 server domain
> > -VPN FireWall where IPSec VPN is terminated
> > -Third Party IPSec VPN Client SW where usernames and pws are same as in
> > the
> > server
> > -Net use /persistent:no
> >
> > After the VPN tunnel is build I try to run "VPNLoginScript.bat" which maps
> > the drives to shares. For some reason I get this output very often:
> >
> > net use y: /d
> > y: was deleted successfully.
> >
> > net use y: \\192.168.1.10\Share
> > The password is invalid for \\192.168.1.10\Share.
> >
> > Enter the user name for '192.168.1.10': MyLoginName@DomainName
> > Enter the password for 192.168.1.10:
> > The command completed successfully. <--- I can now open the share but why
> > it
> > asks credentials?
> >
> > ********************************
> > If I place user name in the shorter way, I get this:
> >
> > net use y: \\192.168.1.10\Share
> > The password is invalid for \\192.168.1.10\Share.
> >
> > Enter the user name for '192.168.1.10': MyLoginName
> >
> > To connect DomainName\MyLoginName to 192.168.1.10, press ENTER, or type a
> > new user name <--- This appears until i give the user name in syntax
> > MyLoginName@DomainName
> > **************************
> >
> > This might be DNS problem but I wonder if there is a way to get rid of
> > these
> > credentials questions. After all, when I login to a "VPNLaptop" I do give
> > domain credentials. Why they are asked again?
> >
> > At least, is there a way to get a graphical Window asking for credentials?
> >
> > Thanks,
> >
> > Juha
> >
> > P.S. The second place where I have this problem has a Radius Win Server
> > and
> > the FW is a Radius Client for that. The behavoiur is same.
> >
> > I have tested scripts having some ping, static DNS server settings and
> > flushdns/registerdns commands but not really happy with them.
>
> That is pretty much what I would expect. A VPN connection just gives you
> connectivity. It does not log you in to the domain, The username and
> password you use when you connect is only to authenticate the connection.
>
> When you try to map a share, the credentials used will be from the
> original logon to the client machine, not from the VPN connection. You need
> to specify your domain credentials on the net use command.
>
>