VPN users not able to map drives using NetBIOS names

I have a 2003 Server running RRAS and managing VPN connections from empoyees
on their home machines. They connect to the VPN fine but cannot use NetBIOS
names to set up drive shares or browse the network. They instead have to use
IP addresses. Is there any way around this?


Thanks,
Marty

There is an option in Windows 2003 RRAS that may help. Open the RRAS
Management Console and find your server, right click and select properties,
go to the IP page and make sure "enable broadcast name resolution" is
enabled. If that does not help configure wins server on your network making
sure that all the servers are also wins clients. Lmhosts files could also be
used, though it makes more sense to use wins if possible due to ease of
implementation. Multi homed computers such as RRAS servers should have the
internal LAN network adapter at the top of the list in network
connections/advanced/advanced settings. The "external" adapter for internet
access should have file and print sharing, Client for Microsoft Networks,
and netbios over tcp/ip disabled and also in dns the "register this
connection" should be disabled for the external adapter. --- Steve

http://support.microsoft.com/default...;en-us;Q180094 -- lmhosts
for network browsing.

"Marty S" <(E-Mail Removed)> wrote in message
news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
>I have a 2003 Server running RRAS and managing VPN connections from
>empoyees
> on their home machines. They connect to the VPN fine but cannot use
> NetBIOS
> names to set up drive shares or browse the network. They instead have to
> use
> IP addresses. Is there any way around this?
>
>
> Thanks,
> Marty

Enable BNR is checked. I have two existing WINS servers, one of which is the
RRAS server. I did have this server set up with dual NIC's, one for RRAS and
one for regular LAN traffic. The one NIC that is active right now has 5 IP
addresses bound to it for some internal web hosting. What is the best way to
set up a RRAS server, one or two NIC's? If two, then what exactly do you
have each of them set up to do?

I also wanted to mention that if I take my laptop home, which is part of the
domain at the office, I can connect to the VPN and ping everything and browse
as usual. It is only on machines that are not part of the domain that I am
having the problem. I didn't know if this would make a difference in your
response or not.

Thanks Steve!

"Steven L Umbach" wrote:

> There is an option in Windows 2003 RRAS that may help. Open the RRAS
> Management Console and find your server, right click and select properties,
> go to the IP page and make sure "enable broadcast name resolution" is
> enabled. If that does not help configure wins server on your network making
> sure that all the servers are also wins clients. Lmhosts files could also be
> used, though it makes more sense to use wins if possible due to ease of
> implementation. Multi homed computers such as RRAS servers should have the
> internal LAN network adapter at the top of the list in network
> connections/advanced/advanced settings. The "external" adapter for internet
> access should have file and print sharing, Client for Microsoft Networks,
> and netbios over tcp/ip disabled and also in dns the "register this
> connection" should be disabled for the external adapter. --- Steve
>
> http://support.microsoft.com/default...;en-us;Q180094 -- lmhosts
> for network browsing.
>
> "Marty S" <(E-Mail Removed)> wrote in message
> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
> >I have a 2003 Server running RRAS and managing VPN connections from
> >empoyees
> > on their home machines. They connect to the VPN fine but cannot use
> > NetBIOS
> > names to set up drive shares or browse the network. They instead have to
> > use
> > IP addresses. Is there any way around this?
> >
> >
> > Thanks,
> > Marty
>
>
>

As I mentioned for the external network adapter connected to the internet
access should have file and print sharing, Client for Microsoft Networks,
and netbios over tcp/ip disabled and also in dns the "register this
connection" should be disabled for the external adapter. Your wins server
should only be listed on the internal network adapter used for the lan and
the internal lan adapter needs to be at the top of the list in network
connections advanced/advanced settings.

RRAS servers normally have two physical network adapters unless it is behind
a NAT router/firewall connection that forwards VPN connections to the RRAS
server's internal network adapter. On one of the client VPN's that can not
browse the network run Ipconfig /all to see if they are being assigned a
wins server for their VPN connection. I understand that some "protection"
software installed on a computer such as personal firewalls or even anti
virus programs can be configured to block over tcp/ip netbios which will
block the browse service traffic that allows the use of My Network Places.
Booting into safe mode will bypass such programs but also will bypass
personal firewalls so do not try such unless the user is also behind a
firewall device such as a NAT router/firewall. Another thing to try is to
have the user name the workgroup their computer is in to the same name as
your domain. However if they are a member of another domain do NOT have them
do such or they may be locked out from logging onto their computer. ---
Steve


"Marty S" <(E-Mail Removed)> wrote in message
news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
> Enable BNR is checked. I have two existing WINS servers, one of which is
> the
> RRAS server. I did have this server set up with dual NIC's, one for RRAS
> and
> one for regular LAN traffic. The one NIC that is active right now has 5
> IP
> addresses bound to it for some internal web hosting. What is the best way
> to
> set up a RRAS server, one or two NIC's? If two, then what exactly do you
> have each of them set up to do?
>
> I also wanted to mention that if I take my laptop home, which is part of
> the
> domain at the office, I can connect to the VPN and ping everything and
> browse
> as usual. It is only on machines that are not part of the domain that I
> am
> having the problem. I didn't know if this would make a difference in your
> response or not.
>
> Thanks Steve!
>
> "Steven L Umbach" wrote:
>
>> There is an option in Windows 2003 RRAS that may help. Open the RRAS
>> Management Console and find your server, right click and select
>> properties,
>> go to the IP page and make sure "enable broadcast name resolution" is
>> enabled. If that does not help configure wins server on your network
>> making
>> sure that all the servers are also wins clients. Lmhosts files could also
>> be
>> used, though it makes more sense to use wins if possible due to ease of
>> implementation. Multi homed computers such as RRAS servers should have
>> the
>> internal LAN network adapter at the top of the list in network
>> connections/advanced/advanced settings. The "external" adapter for
>> internet
>> access should have file and print sharing, Client for Microsoft Networks,
>> and netbios over tcp/ip disabled and also in dns the "register this
>> connection" should be disabled for the external adapter. --- Steve
>>
>> http://support.microsoft.com/default...;en-us;Q180094 --
>> lmhosts
>> for network browsing.
>>
>> "Marty S" <(E-Mail Removed)> wrote in message
>> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
>> >I have a 2003 Server running RRAS and managing VPN connections from
>> >empoyees
>> > on their home machines. They connect to the VPN fine but cannot use
>> > NetBIOS
>> > names to set up drive shares or browse the network. They instead have
>> > to
>> > use
>> > IP addresses. Is there any way around this?
>> >
>> >
>> > Thanks,
>> > Marty
>>
>>
>>

My server is behind a firewall that forwards the VPN traffic to it via NAT.
Is it okay to use a single NIC for this application? I noticed something
weird. The only thing i can ping from a non-domain machine connected to the
VPN is the RRAS server itself. I get a return ping from one of the IP
addresses in the static pool that i set up for RRAS.

Marty

"Steven L Umbach" wrote:

> As I mentioned for the external network adapter connected to the internet
> access should have file and print sharing, Client for Microsoft Networks,
> and netbios over tcp/ip disabled and also in dns the "register this
> connection" should be disabled for the external adapter. Your wins server
> should only be listed on the internal network adapter used for the lan and
> the internal lan adapter needs to be at the top of the list in network
> connections advanced/advanced settings.
>
> RRAS servers normally have two physical network adapters unless it is behind
> a NAT router/firewall connection that forwards VPN connections to the RRAS
> server's internal network adapter. On one of the client VPN's that can not
> browse the network run Ipconfig /all to see if they are being assigned a
> wins server for their VPN connection. I understand that some "protection"
> software installed on a computer such as personal firewalls or even anti
> virus programs can be configured to block over tcp/ip netbios which will
> block the browse service traffic that allows the use of My Network Places.
> Booting into safe mode will bypass such programs but also will bypass
> personal firewalls so do not try such unless the user is also behind a
> firewall device such as a NAT router/firewall. Another thing to try is to
> have the user name the workgroup their computer is in to the same name as
> your domain. However if they are a member of another domain do NOT have them
> do such or they may be locked out from logging onto their computer. ---
> Steve
>
>
> "Marty S" <(E-Mail Removed)> wrote in message
> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
> > Enable BNR is checked. I have two existing WINS servers, one of which is
> > the
> > RRAS server. I did have this server set up with dual NIC's, one for RRAS
> > and
> > one for regular LAN traffic. The one NIC that is active right now has 5
> > IP
> > addresses bound to it for some internal web hosting. What is the best way
> > to
> > set up a RRAS server, one or two NIC's? If two, then what exactly do you
> > have each of them set up to do?
> >
> > I also wanted to mention that if I take my laptop home, which is part of
> > the
> > domain at the office, I can connect to the VPN and ping everything and
> > browse
> > as usual. It is only on machines that are not part of the domain that I
> > am
> > having the problem. I didn't know if this would make a difference in your
> > response or not.
> >
> > Thanks Steve!
> >
> > "Steven L Umbach" wrote:
> >
> >> There is an option in Windows 2003 RRAS that may help. Open the RRAS
> >> Management Console and find your server, right click and select
> >> properties,
> >> go to the IP page and make sure "enable broadcast name resolution" is
> >> enabled. If that does not help configure wins server on your network
> >> making
> >> sure that all the servers are also wins clients. Lmhosts files could also
> >> be
> >> used, though it makes more sense to use wins if possible due to ease of
> >> implementation. Multi homed computers such as RRAS servers should have
> >> the
> >> internal LAN network adapter at the top of the list in network
> >> connections/advanced/advanced settings. The "external" adapter for
> >> internet
> >> access should have file and print sharing, Client for Microsoft Networks,
> >> and netbios over tcp/ip disabled and also in dns the "register this
> >> connection" should be disabled for the external adapter. --- Steve
> >>
> >> http://support.microsoft.com/default...;en-us;Q180094 --
> >> lmhosts
> >> for network browsing.
> >>
> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
> >> >I have a 2003 Server running RRAS and managing VPN connections from
> >> >empoyees
> >> > on their home machines. They connect to the VPN fine but cannot use
> >> > NetBIOS
> >> > names to set up drive shares or browse the network. They instead have
> >> > to
> >> > use
> >> > IP addresses. Is there any way around this?
> >> >
> >> >
> >> > Thanks,
> >> > Marty
> >>
> >>
> >>
>
>
>

Using a single physical network adapter in your configuration is fine and I
have done it myself with great results. Normally I would say to make sure
that the RRAS server is configured to enable IP routing in the IP properties
of the server in RRAS Management console but I believe you said that you can
already access the internal network from your own computer as a VPN client
so it would seem that is already enabled. If not doing so already, try to
ping by the internal network by IP address also instead of just name. Input
and output filters on your internal network adapter or in Remote Access
Policy could also be restricting access to those computers but that would
not be configured by default. I assume the static pool IP addresses are also
on the same network as the RRAS server's internal network adapter connected
to the lan. The VPN server itself will be assigned one of those addresses
for the virtual adapter it uses for the VPN server connection that would be
different than the actual address of the physical adapter. Just make sure
that IP address is not the same IP address as assigned to the VPN client as
I have seen that before. You can check the status/details of the VPN
connection to see what addresses are used for that connection.--- Steve


"Marty S" <(E-Mail Removed)> wrote in message
news:108E8272-C389-445D-AC81-(E-Mail Removed)...
> My server is behind a firewall that forwards the VPN traffic to it via
> NAT.
> Is it okay to use a single NIC for this application? I noticed something
> weird. The only thing i can ping from a non-domain machine connected to
> the
> VPN is the RRAS server itself. I get a return ping from one of the IP
> addresses in the static pool that i set up for RRAS.
>
> Marty
>
> "Steven L Umbach" wrote:
>
>> As I mentioned for the external network adapter connected to the internet
>> access should have file and print sharing, Client for Microsoft Networks,
>> and netbios over tcp/ip disabled and also in dns the "register this
>> connection" should be disabled for the external adapter. Your wins server
>> should only be listed on the internal network adapter used for the lan
>> and
>> the internal lan adapter needs to be at the top of the list in network
>> connections advanced/advanced settings.
>>
>> RRAS servers normally have two physical network adapters unless it is
>> behind
>> a NAT router/firewall connection that forwards VPN connections to the
>> RRAS
>> server's internal network adapter. On one of the client VPN's that can
>> not
>> browse the network run Ipconfig /all to see if they are being assigned a
>> wins server for their VPN connection. I understand that some "protection"
>> software installed on a computer such as personal firewalls or even anti
>> virus programs can be configured to block over tcp/ip netbios which will
>> block the browse service traffic that allows the use of My Network
>> Places.
>> Booting into safe mode will bypass such programs but also will bypass
>> personal firewalls so do not try such unless the user is also behind a
>> firewall device such as a NAT router/firewall. Another thing to try is to
>> have the user name the workgroup their computer is in to the same name as
>> your domain. However if they are a member of another domain do NOT have
>> them
>> do such or they may be locked out from logging onto their computer. ---
>> Steve
>>
>>
>> "Marty S" <(E-Mail Removed)> wrote in message
>> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
>> > Enable BNR is checked. I have two existing WINS servers, one of which
>> > is
>> > the
>> > RRAS server. I did have this server set up with dual NIC's, one for
>> > RRAS
>> > and
>> > one for regular LAN traffic. The one NIC that is active right now has
>> > 5
>> > IP
>> > addresses bound to it for some internal web hosting. What is the best
>> > way
>> > to
>> > set up a RRAS server, one or two NIC's? If two, then what exactly do
>> > you
>> > have each of them set up to do?
>> >
>> > I also wanted to mention that if I take my laptop home, which is part
>> > of
>> > the
>> > domain at the office, I can connect to the VPN and ping everything and
>> > browse
>> > as usual. It is only on machines that are not part of the domain that
>> > I
>> > am
>> > having the problem. I didn't know if this would make a difference in
>> > your
>> > response or not.
>> >
>> > Thanks Steve!
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> There is an option in Windows 2003 RRAS that may help. Open the RRAS
>> >> Management Console and find your server, right click and select
>> >> properties,
>> >> go to the IP page and make sure "enable broadcast name resolution" is
>> >> enabled. If that does not help configure wins server on your network
>> >> making
>> >> sure that all the servers are also wins clients. Lmhosts files could
>> >> also
>> >> be
>> >> used, though it makes more sense to use wins if possible due to ease
>> >> of
>> >> implementation. Multi homed computers such as RRAS servers should have
>> >> the
>> >> internal LAN network adapter at the top of the list in network
>> >> connections/advanced/advanced settings. The "external" adapter for
>> >> internet
>> >> access should have file and print sharing, Client for Microsoft
>> >> Networks,
>> >> and netbios over tcp/ip disabled and also in dns the "register this
>> >> connection" should be disabled for the external adapter. --- Steve
>> >>
>> >> http://support.microsoft.com/default...;en-us;Q180094 --
>> >> lmhosts
>> >> for network browsing.
>> >>
>> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
>> >> >I have a 2003 Server running RRAS and managing VPN connections from
>> >> >empoyees
>> >> > on their home machines. They connect to the VPN fine but cannot use
>> >> > NetBIOS
>> >> > names to set up drive shares or browse the network. They instead
>> >> > have
>> >> > to
>> >> > use
>> >> > IP addresses. Is there any way around this?
>> >> >
>> >> >
>> >> > Thanks,
>> >> > Marty
>> >>
>> >>
>> >>
>>
>>
>>

IP routing is enabled on the IP tab of the RRAS properties. Yes I can access
everything via VPN with NetBIOS names using my laptop, which is already a
part of the domain. The pool for VPN clients is within the same subnet as
the VPN server. I also checked the filters within the RRAS properties and
everything looks okay and appears to be set to their defaults? As for the IP
address used for the VPN interface, it is the first address out of the static
pool that I set up for VPN clients to pull from, is that a problem?

"Steven L Umbach" wrote:

> Using a single physical network adapter in your configuration is fine and I
> have done it myself with great results. Normally I would say to make sure
> that the RRAS server is configured to enable IP routing in the IP properties
> of the server in RRAS Management console but I believe you said that you can
> already access the internal network from your own computer as a VPN client
> so it would seem that is already enabled. If not doing so already, try to
> ping by the internal network by IP address also instead of just name. Input
> and output filters on your internal network adapter or in Remote Access
> Policy could also be restricting access to those computers but that would
> not be configured by default. I assume the static pool IP addresses are also
> on the same network as the RRAS server's internal network adapter connected
> to the lan. The VPN server itself will be assigned one of those addresses
> for the virtual adapter it uses for the VPN server connection that would be
> different than the actual address of the physical adapter. Just make sure
> that IP address is not the same IP address as assigned to the VPN client as
> I have seen that before. You can check the status/details of the VPN
> connection to see what addresses are used for that connection.--- Steve
>
>
> "Marty S" <(E-Mail Removed)> wrote in message
> news:108E8272-C389-445D-AC81-(E-Mail Removed)...
> > My server is behind a firewall that forwards the VPN traffic to it via
> > NAT.
> > Is it okay to use a single NIC for this application? I noticed something
> > weird. The only thing i can ping from a non-domain machine connected to
> > the
> > VPN is the RRAS server itself. I get a return ping from one of the IP
> > addresses in the static pool that i set up for RRAS.
> >
> > Marty
> >
> > "Steven L Umbach" wrote:
> >
> >> As I mentioned for the external network adapter connected to the internet
> >> access should have file and print sharing, Client for Microsoft Networks,
> >> and netbios over tcp/ip disabled and also in dns the "register this
> >> connection" should be disabled for the external adapter. Your wins server
> >> should only be listed on the internal network adapter used for the lan
> >> and
> >> the internal lan adapter needs to be at the top of the list in network
> >> connections advanced/advanced settings.
> >>
> >> RRAS servers normally have two physical network adapters unless it is
> >> behind
> >> a NAT router/firewall connection that forwards VPN connections to the
> >> RRAS
> >> server's internal network adapter. On one of the client VPN's that can
> >> not
> >> browse the network run Ipconfig /all to see if they are being assigned a
> >> wins server for their VPN connection. I understand that some "protection"
> >> software installed on a computer such as personal firewalls or even anti
> >> virus programs can be configured to block over tcp/ip netbios which will
> >> block the browse service traffic that allows the use of My Network
> >> Places.
> >> Booting into safe mode will bypass such programs but also will bypass
> >> personal firewalls so do not try such unless the user is also behind a
> >> firewall device such as a NAT router/firewall. Another thing to try is to
> >> have the user name the workgroup their computer is in to the same name as
> >> your domain. However if they are a member of another domain do NOT have
> >> them
> >> do such or they may be locked out from logging onto their computer. ---
> >> Steve
> >>
> >>
> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
> >> > Enable BNR is checked. I have two existing WINS servers, one of which
> >> > is
> >> > the
> >> > RRAS server. I did have this server set up with dual NIC's, one for
> >> > RRAS
> >> > and
> >> > one for regular LAN traffic. The one NIC that is active right now has
> >> > 5
> >> > IP
> >> > addresses bound to it for some internal web hosting. What is the best
> >> > way
> >> > to
> >> > set up a RRAS server, one or two NIC's? If two, then what exactly do
> >> > you
> >> > have each of them set up to do?
> >> >
> >> > I also wanted to mention that if I take my laptop home, which is part
> >> > of
> >> > the
> >> > domain at the office, I can connect to the VPN and ping everything and
> >> > browse
> >> > as usual. It is only on machines that are not part of the domain that
> >> > I
> >> > am
> >> > having the problem. I didn't know if this would make a difference in
> >> > your
> >> > response or not.
> >> >
> >> > Thanks Steve!
> >> >
> >> > "Steven L Umbach" wrote:
> >> >
> >> >> There is an option in Windows 2003 RRAS that may help. Open the RRAS
> >> >> Management Console and find your server, right click and select
> >> >> properties,
> >> >> go to the IP page and make sure "enable broadcast name resolution" is
> >> >> enabled. If that does not help configure wins server on your network
> >> >> making
> >> >> sure that all the servers are also wins clients. Lmhosts files could
> >> >> also
> >> >> be
> >> >> used, though it makes more sense to use wins if possible due to ease
> >> >> of
> >> >> implementation. Multi homed computers such as RRAS servers should have
> >> >> the
> >> >> internal LAN network adapter at the top of the list in network
> >> >> connections/advanced/advanced settings. The "external" adapter for
> >> >> internet
> >> >> access should have file and print sharing, Client for Microsoft
> >> >> Networks,
> >> >> and netbios over tcp/ip disabled and also in dns the "register this
> >> >> connection" should be disabled for the external adapter. --- Steve
> >> >>
> >> >> http://support.microsoft.com/default...;en-us;Q180094 --
> >> >> lmhosts
> >> >> for network browsing.
> >> >>
> >> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
> >> >> >I have a 2003 Server running RRAS and managing VPN connections from
> >> >> >empoyees
> >> >> > on their home machines. They connect to the VPN fine but cannot use
> >> >> > NetBIOS
> >> >> > names to set up drive shares or browse the network. They instead
> >> >> > have
> >> >> > to
> >> >> > use
> >> >> > IP addresses. Is there any way around this?
> >> >> >
> >> >> >
> >> >> > Thanks,
> >> >> > Marty
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

It is no problem in that it is the first IP address and often that is the
case. Can the VPN clients ping the internal servers after making the VPN
connection by their IP address?? Does an ipconfig /all show that they are
receiving the correct IP address of the wins server? Does anything in their
ipconfig /all look different than the ipconfig /all for your laptop [other
than assigned IP address]? Are you using the same VPN client and are they
configured that same? If the other computers search for the name of servers
in My Network Places does it eventually work? --- Steve


"Marty S" <(E-Mail Removed)> wrote in message
news:771FBE52-35AC-4F69-8C12-(E-Mail Removed)...
> IP routing is enabled on the IP tab of the RRAS properties. Yes I can
> access
> everything via VPN with NetBIOS names using my laptop, which is already a
> part of the domain. The pool for VPN clients is within the same subnet as
> the VPN server. I also checked the filters within the RRAS properties and
> everything looks okay and appears to be set to their defaults? As for the
> IP
> address used for the VPN interface, it is the first address out of the
> static
> pool that I set up for VPN clients to pull from, is that a problem?
>
> "Steven L Umbach" wrote:
>
>> Using a single physical network adapter in your configuration is fine and
>> I
>> have done it myself with great results. Normally I would say to make sure
>> that the RRAS server is configured to enable IP routing in the IP
>> properties
>> of the server in RRAS Management console but I believe you said that you
>> can
>> already access the internal network from your own computer as a VPN
>> client
>> so it would seem that is already enabled. If not doing so already, try to
>> ping by the internal network by IP address also instead of just name.
>> Input
>> and output filters on your internal network adapter or in Remote Access
>> Policy could also be restricting access to those computers but that would
>> not be configured by default. I assume the static pool IP addresses are
>> also
>> on the same network as the RRAS server's internal network adapter
>> connected
>> to the lan. The VPN server itself will be assigned one of those addresses
>> for the virtual adapter it uses for the VPN server connection that would
>> be
>> different than the actual address of the physical adapter. Just make sure
>> that IP address is not the same IP address as assigned to the VPN client
>> as
>> I have seen that before. You can check the status/details of the VPN
>> connection to see what addresses are used for that connection.--- Steve
>>
>>
>> "Marty S" <(E-Mail Removed)> wrote in message
>> news:108E8272-C389-445D-AC81-(E-Mail Removed)...
>> > My server is behind a firewall that forwards the VPN traffic to it via
>> > NAT.
>> > Is it okay to use a single NIC for this application? I noticed
>> > something
>> > weird. The only thing i can ping from a non-domain machine connected
>> > to
>> > the
>> > VPN is the RRAS server itself. I get a return ping from one of the IP
>> > addresses in the static pool that i set up for RRAS.
>> >
>> > Marty
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> As I mentioned for the external network adapter connected to the
>> >> internet
>> >> access should have file and print sharing, Client for Microsoft
>> >> Networks,
>> >> and netbios over tcp/ip disabled and also in dns the "register this
>> >> connection" should be disabled for the external adapter. Your wins
>> >> server
>> >> should only be listed on the internal network adapter used for the lan
>> >> and
>> >> the internal lan adapter needs to be at the top of the list in network
>> >> connections advanced/advanced settings.
>> >>
>> >> RRAS servers normally have two physical network adapters unless it is
>> >> behind
>> >> a NAT router/firewall connection that forwards VPN connections to the
>> >> RRAS
>> >> server's internal network adapter. On one of the client VPN's that can
>> >> not
>> >> browse the network run Ipconfig /all to see if they are being assigned
>> >> a
>> >> wins server for their VPN connection. I understand that some
>> >> "protection"
>> >> software installed on a computer such as personal firewalls or even
>> >> anti
>> >> virus programs can be configured to block over tcp/ip netbios which
>> >> will
>> >> block the browse service traffic that allows the use of My Network
>> >> Places.
>> >> Booting into safe mode will bypass such programs but also will bypass
>> >> personal firewalls so do not try such unless the user is also behind a
>> >> firewall device such as a NAT router/firewall. Another thing to try is
>> >> to
>> >> have the user name the workgroup their computer is in to the same name
>> >> as
>> >> your domain. However if they are a member of another domain do NOT
>> >> have
>> >> them
>> >> do such or they may be locked out from logging onto their
>> >> omputer. ---
>> >> Steve
>> >>
>> >>
>> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
>> >> > Enable BNR is checked. I have two existing WINS servers, one of
>> >> > which
>> >> > is
>> >> > the
>> >> > RRAS server. I did have this server set up with dual NIC's, one for
>> >> > RRAS
>> >> > and
>> >> > one for regular LAN traffic. The one NIC that is active right now
>> >> > has
>> >> > 5
>> >> > IP
>> >> > addresses bound to it for some internal web hosting. What is the
>> >> > best
>> >> > way
>> >> > to
>> >> > set up a RRAS server, one or two NIC's? If two, then what exactly
>> >> > do
>> >> > you
>> >> > have each of them set up to do?
>> >> >
>> >> > I also wanted to mention that if I take my laptop home, which is
>> >> > part
>> >> > of
>> >> > the
>> >> > domain at the office, I can connect to the VPN and ping everything
>> >> > and
>> >> > browse
>> >> > as usual. It is only on machines that are not part of the domain
>> >> > that
>> >> > I
>> >> > am
>> >> > having the problem. I didn't know if this would make a difference
>> >> > in
>> >> > your
>> >> > response or not.
>> >> >
>> >> > Thanks Steve!
>> >> >
>> >> > "Steven L Umbach" wrote:
>> >> >
>> >> >> There is an option in Windows 2003 RRAS that may help. Open the
>> >> >> RRAS
>> >> >> Management Console and find your server, right click and select
>> >> >> properties,
>> >> >> go to the IP page and make sure "enable broadcast name resolution"
>> >> >> is
>> >> >> enabled. If that does not help configure wins server on your
>> >> >> network
>> >> >> making
>> >> >> sure that all the servers are also wins clients. Lmhosts files
>> >> >> could
>> >> >> also
>> >> >> be
>> >> >> used, though it makes more sense to use wins if possible due to
>> >> >> ease
>> >> >> of
>> >> >> implementation. Multi homed computers such as RRAS servers should
>> >> >> have
>> >> >> the
>> >> >> internal LAN network adapter at the top of the list in network
>> >> >> connections/advanced/advanced settings. The "external" adapter for
>> >> >> internet
>> >> >> access should have file and print sharing, Client for Microsoft
>> >> >> Networks,
>> >> >> and netbios over tcp/ip disabled and also in dns the "register this
>> >> >> connection" should be disabled for the external adapter. --- Steve
>> >> >>
>> >> >> http://support.microsoft.com/default...;en-us;Q180094 --
>> >> >> lmhosts
>> >> >> for network browsing.
>> >> >>
>> >> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
>> >> >> >I have a 2003 Server running RRAS and managing VPN connections
>> >> >> >from
>> >> >> >empoyees
>> >> >> > on their home machines. They connect to the VPN fine but cannot
>> >> >> > use
>> >> >> > NetBIOS
>> >> >> > names to set up drive shares or browse the network. They instead
>> >> >> > have
>> >> >> > to
>> >> >> > use
>> >> >> > IP addresses. Is there any way around this?
>> >> >> >
>> >> >> >
>> >> >> > Thanks,
>> >> >> > Marty
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

Everything looks the same with both machines. I have read some other threads
where people had the same problem but never seemed to get it working. I am
not sure what else to do at this point. I hate to blow $245 on a convenience
issue.

"Steven L Umbach" wrote:

> It is no problem in that it is the first IP address and often that is the
> case. Can the VPN clients ping the internal servers after making the VPN
> connection by their IP address?? Does an ipconfig /all show that they are
> receiving the correct IP address of the wins server? Does anything in their
> ipconfig /all look different than the ipconfig /all for your laptop [other
> than assigned IP address]? Are you using the same VPN client and are they
> configured that same? If the other computers search for the name of servers
> in My Network Places does it eventually work? --- Steve
>
>
> "Marty S" <(E-Mail Removed)> wrote in message
> news:771FBE52-35AC-4F69-8C12-(E-Mail Removed)...
> > IP routing is enabled on the IP tab of the RRAS properties. Yes I can
> > access
> > everything via VPN with NetBIOS names using my laptop, which is already a
> > part of the domain. The pool for VPN clients is within the same subnet as
> > the VPN server. I also checked the filters within the RRAS properties and
> > everything looks okay and appears to be set to their defaults? As for the
> > IP
> > address used for the VPN interface, it is the first address out of the
> > static
> > pool that I set up for VPN clients to pull from, is that a problem?
> >
> > "Steven L Umbach" wrote:
> >
> >> Using a single physical network adapter in your configuration is fine and
> >> I
> >> have done it myself with great results. Normally I would say to make sure
> >> that the RRAS server is configured to enable IP routing in the IP
> >> properties
> >> of the server in RRAS Management console but I believe you said that you
> >> can
> >> already access the internal network from your own computer as a VPN
> >> client
> >> so it would seem that is already enabled. If not doing so already, try to
> >> ping by the internal network by IP address also instead of just name.
> >> Input
> >> and output filters on your internal network adapter or in Remote Access
> >> Policy could also be restricting access to those computers but that would
> >> not be configured by default. I assume the static pool IP addresses are
> >> also
> >> on the same network as the RRAS server's internal network adapter
> >> connected
> >> to the lan. The VPN server itself will be assigned one of those addresses
> >> for the virtual adapter it uses for the VPN server connection that would
> >> be
> >> different than the actual address of the physical adapter. Just make sure
> >> that IP address is not the same IP address as assigned to the VPN client
> >> as
> >> I have seen that before. You can check the status/details of the VPN
> >> connection to see what addresses are used for that connection.--- Steve
> >>
> >>
> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> news:108E8272-C389-445D-AC81-(E-Mail Removed)...
> >> > My server is behind a firewall that forwards the VPN traffic to it via
> >> > NAT.
> >> > Is it okay to use a single NIC for this application? I noticed
> >> > something
> >> > weird. The only thing i can ping from a non-domain machine connected
> >> > to
> >> > the
> >> > VPN is the RRAS server itself. I get a return ping from one of the IP
> >> > addresses in the static pool that i set up for RRAS.
> >> >
> >> > Marty
> >> >
> >> > "Steven L Umbach" wrote:
> >> >
> >> >> As I mentioned for the external network adapter connected to the
> >> >> internet
> >> >> access should have file and print sharing, Client for Microsoft
> >> >> Networks,
> >> >> and netbios over tcp/ip disabled and also in dns the "register this
> >> >> connection" should be disabled for the external adapter. Your wins
> >> >> server
> >> >> should only be listed on the internal network adapter used for the lan
> >> >> and
> >> >> the internal lan adapter needs to be at the top of the list in network
> >> >> connections advanced/advanced settings.
> >> >>
> >> >> RRAS servers normally have two physical network adapters unless it is
> >> >> behind
> >> >> a NAT router/firewall connection that forwards VPN connections to the
> >> >> RRAS
> >> >> server's internal network adapter. On one of the client VPN's that can
> >> >> not
> >> >> browse the network run Ipconfig /all to see if they are being assigned
> >> >> a
> >> >> wins server for their VPN connection. I understand that some
> >> >> "protection"
> >> >> software installed on a computer such as personal firewalls or even
> >> >> anti
> >> >> virus programs can be configured to block over tcp/ip netbios which
> >> >> will
> >> >> block the browse service traffic that allows the use of My Network
> >> >> Places.
> >> >> Booting into safe mode will bypass such programs but also will bypass
> >> >> personal firewalls so do not try such unless the user is also behind a
> >> >> firewall device such as a NAT router/firewall. Another thing to try is
> >> >> to
> >> >> have the user name the workgroup their computer is in to the same name
> >> >> as
> >> >> your domain. However if they are a member of another domain do NOT
> >> >> have
> >> >> them
> >> >> do such or they may be locked out from logging onto their
> >> >> omputer. ---
> >> >> Steve
> >> >>
> >> >>
> >> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> >> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
> >> >> > Enable BNR is checked. I have two existing WINS servers, one of
> >> >> > which
> >> >> > is
> >> >> > the
> >> >> > RRAS server. I did have this server set up with dual NIC's, one for
> >> >> > RRAS
> >> >> > and
> >> >> > one for regular LAN traffic. The one NIC that is active right now
> >> >> > has
> >> >> > 5
> >> >> > IP
> >> >> > addresses bound to it for some internal web hosting. What is the
> >> >> > best
> >> >> > way
> >> >> > to
> >> >> > set up a RRAS server, one or two NIC's? If two, then what exactly
> >> >> > do
> >> >> > you
> >> >> > have each of them set up to do?
> >> >> >
> >> >> > I also wanted to mention that if I take my laptop home, which is
> >> >> > part
> >> >> > of
> >> >> > the
> >> >> > domain at the office, I can connect to the VPN and ping everything
> >> >> > and
> >> >> > browse
> >> >> > as usual. It is only on machines that are not part of the domain
> >> >> > that
> >> >> > I
> >> >> > am
> >> >> > having the problem. I didn't know if this would make a difference
> >> >> > in
> >> >> > your
> >> >> > response or not.
> >> >> >
> >> >> > Thanks Steve!
> >> >> >
> >> >> > "Steven L Umbach" wrote:
> >> >> >
> >> >> >> There is an option in Windows 2003 RRAS that may help. Open the
> >> >> >> RRAS
> >> >> >> Management Console and find your server, right click and select
> >> >> >> properties,
> >> >> >> go to the IP page and make sure "enable broadcast name resolution"
> >> >> >> is
> >> >> >> enabled. If that does not help configure wins server on your
> >> >> >> network
> >> >> >> making
> >> >> >> sure that all the servers are also wins clients. Lmhosts files
> >> >> >> could
> >> >> >> also
> >> >> >> be
> >> >> >> used, though it makes more sense to use wins if possible due to
> >> >> >> ease
> >> >> >> of
> >> >> >> implementation. Multi homed computers such as RRAS servers should
> >> >> >> have
> >> >> >> the
> >> >> >> internal LAN network adapter at the top of the list in network
> >> >> >> connections/advanced/advanced settings. The "external" adapter for
> >> >> >> internet
> >> >> >> access should have file and print sharing, Client for Microsoft
> >> >> >> Networks,
> >> >> >> and netbios over tcp/ip disabled and also in dns the "register this
> >> >> >> connection" should be disabled for the external adapter. --- Steve
> >> >> >>
> >> >> >> http://support.microsoft.com/default...;en-us;Q180094 --
> >> >> >> lmhosts
> >> >> >> for network browsing.
> >> >> >>
> >> >> >> "Marty S" <(E-Mail Removed)> wrote in message
> >> >> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
> >> >> >> >I have a 2003 Server running RRAS and managing VPN connections
> >> >> >> >from
> >> >> >> >empoyees
> >> >> >> > on their home machines. They connect to the VPN fine but cannot
> >> >> >> > use
> >> >> >> > NetBIOS
> >> >> >> > names to set up drive shares or browse the network. They instead
> >> >> >> > have
> >> >> >> > to
> >> >> >> > use
> >> >> >> > IP addresses. Is there any way around this?
> >> >> >> >
> >> >> >> >
> >> >> >> > Thanks,
> >> >> >> > Marty
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

I usually have success if the workgroup name is the same as the domain name
that you are trying to VPN into. The other thing I would try is to populate
the lmhosts and/or hosts files with the name of computers that they need to
access. Of course for that to work the computer IP addresses in the
lmhosts/host files need to be static. You should check those files anyhow to
make sure they do not have any incorrect entries. Another thing to try is to
use the fully qualified domain name of the target computer to access a share
as in \\server1.mydomain.com. Beyond that a packet sniffer on both ends of
the connection would help to see what is going on particularly with NBT
traffic for 137 and 138 UDP and 139 TCP. Netmon is built into server version
and free tools like Ethereal can be used on other computers. I have never
had to do it myself and don't like the use of multiple protocols, but a KB
article from Microsoft for NT4.0 recommends also using netbeui as a possible
solution. If you decide to try that make sure netbeui is first in the list
of binding order for file and print sharing and Client for Microsoft
networks for the VPN client. See the link below. --- Steve

http://support.microsoft.com/default...en-us%3B176321


"Marty S" <(E-Mail Removed)> wrote in message
news:E1C5C4B7-113B-43BA-AE6C-(E-Mail Removed)...
> Everything looks the same with both machines. I have read some other
> threads
> where people had the same problem but never seemed to get it working. I
> am
> not sure what else to do at this point. I hate to blow $245 on a
> convenience
> issue.
>
> "Steven L Umbach" wrote:
>
>> It is no problem in that it is the first IP address and often that is the
>> case. Can the VPN clients ping the internal servers after making the VPN
>> connection by their IP address?? Does an ipconfig /all show that they are
>> receiving the correct IP address of the wins server? Does anything in
>> their
>> ipconfig /all look different than the ipconfig /all for your laptop
>> [other
>> than assigned IP address]? Are you using the same VPN client and are they
>> configured that same? If the other computers search for the name of
>> servers
>> in My Network Places does it eventually work? --- Steve
>>
>>
>> "Marty S" <(E-Mail Removed)> wrote in message
>> news:771FBE52-35AC-4F69-8C12-(E-Mail Removed)...
>> > IP routing is enabled on the IP tab of the RRAS properties. Yes I can
>> > access
>> > everything via VPN with NetBIOS names using my laptop, which is already
>> > a
>> > part of the domain. The pool for VPN clients is within the same subnet
>> > as
>> > the VPN server. I also checked the filters within the RRAS properties
>> > and
>> > everything looks okay and appears to be set to their defaults? As for
>> > the
>> > IP
>> > address used for the VPN interface, it is the first address out of the
>> > static
>> > pool that I set up for VPN clients to pull from, is that a problem?
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> Using a single physical network adapter in your configuration is fine
>> >> and
>> >> I
>> >> have done it myself with great results. Normally I would say to make
>> >> sure
>> >> that the RRAS server is configured to enable IP routing in the IP
>> >> properties
>> >> of the server in RRAS Management console but I believe you said that
>> >> you
>> >> can
>> >> already access the internal network from your own computer as a VPN
>> >> client
>> >> so it would seem that is already enabled. If not doing so already, try
>> >> to
>> >> ping by the internal network by IP address also instead of just name.
>> >> Input
>> >> and output filters on your internal network adapter or in Remote
>> >> Access
>> >> Policy could also be restricting access to those computers but that
>> >> would
>> >> not be configured by default. I assume the static pool IP addresses
>> >> are
>> >> also
>> >> on the same network as the RRAS server's internal network adapter
>> >> connected
>> >> to the lan. The VPN server itself will be assigned one of those
>> >> addresses
>> >> for the virtual adapter it uses for the VPN server connection that
>> >> would
>> >> be
>> >> different than the actual address of the physical adapter. Just make
>> >> sure
>> >> that IP address is not the same IP address as assigned to the VPN
>> >> client
>> >> as
>> >> I have seen that before. You can check the status/details of the VPN
>> >> connection to see what addresses are used for that connection.---
>> >> Steve
>> >>
>> >>
>> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> news:108E8272-C389-445D-AC81-(E-Mail Removed)...
>> >> > My server is behind a firewall that forwards the VPN traffic to it
>> >> > via
>> >> > NAT.
>> >> > Is it okay to use a single NIC for this application? I noticed
>> >> > something
>> >> > weird. The only thing i can ping from a non-domain machine
>> >> > connected
>> >> > to
>> >> > the
>> >> > VPN is the RRAS server itself. I get a return ping from one of the
>> >> > IP
>> >> > addresses in the static pool that i set up for RRAS.
>> >> >
>> >> > Marty
>> >> >
>> >> > "Steven L Umbach" wrote:
>> >> >
>> >> >> As I mentioned for the external network adapter connected to the
>> >> >> internet
>> >> >> access should have file and print sharing, Client for Microsoft
>> >> >> Networks,
>> >> >> and netbios over tcp/ip disabled and also in dns the "register
>> >> >> this
>> >> >> connection" should be disabled for the external adapter. Your wins
>> >> >> server
>> >> >> should only be listed on the internal network adapter used for the
>> >> >> lan
>> >> >> and
>> >> >> the internal lan adapter needs to be at the top of the list in
>> >> >> network
>> >> >> connections advanced/advanced settings.
>> >> >>
>> >> >> RRAS servers normally have two physical network adapters unless it
>> >> >> is
>> >> >> behind
>> >> >> a NAT router/firewall connection that forwards VPN connections to
>> >> >> the
>> >> >> RRAS
>> >> >> server's internal network adapter. On one of the client VPN's that
>> >> >> can
>> >> >> not
>> >> >> browse the network run Ipconfig /all to see if they are being
>> >> >> assigned
>> >> >> a
>> >> >> wins server for their VPN connection. I understand that some
>> >> >> "protection"
>> >> >> software installed on a computer such as personal firewalls or even
>> >> >> anti
>> >> >> virus programs can be configured to block over tcp/ip netbios which
>> >> >> will
>> >> >> block the browse service traffic that allows the use of My Network
>> >> >> Places.
>> >> >> Booting into safe mode will bypass such programs but also will
>> >> >> bypass
>> >> >> personal firewalls so do not try such unless the user is also
>> >> >> behind a
>> >> >> firewall device such as a NAT router/firewall. Another thing to try
>> >> >> is
>> >> >> to
>> >> >> have the user name the workgroup their computer is in to the same
>> >> >> name
>> >> >> as
>> >> >> your domain. However if they are a member of another domain do NOT
>> >> >> have
>> >> >> them
>> >> >> do such or they may be locked out from logging onto their
>> >> >> omputer. ---
>> >> >> Steve
>> >> >>
>> >> >>
>> >> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> >> news:50464294-29F4-4E14-9CFA-(E-Mail Removed)...
>> >> >> > Enable BNR is checked. I have two existing WINS servers, one of
>> >> >> > which
>> >> >> > is
>> >> >> > the
>> >> >> > RRAS server. I did have this server set up with dual NIC's, one
>> >> >> > for
>> >> >> > RRAS
>> >> >> > and
>> >> >> > one for regular LAN traffic. The one NIC that is active right
>> >> >> > now
>> >> >> > has
>> >> >> > 5
>> >> >> > IP
>> >> >> > addresses bound to it for some internal web hosting. What is the
>> >> >> > best
>> >> >> > way
>> >> >> > to
>> >> >> > set up a RRAS server, one or two NIC's? If two, then what
>> >> >> > exactly
>> >> >> > do
>> >> >> > you
>> >> >> > have each of them set up to do?
>> >> >> >
>> >> >> > I also wanted to mention that if I take my laptop home, which is
>> >> >> > part
>> >> >> > of
>> >> >> > the
>> >> >> > domain at the office, I can connect to the VPN and ping
>> >> >> > everything
>> >> >> > and
>> >> >> > browse
>> >> >> > as usual. It is only on machines that are not part of the domain
>> >> >> > that
>> >> >> > I
>> >> >> > am
>> >> >> > having the problem. I didn't know if this would make a
>> >> >> > difference
>> >> >> > in
>> >> >> > your
>> >> >> > response or not.
>> >> >> >
>> >> >> > Thanks Steve!
>> >> >> >
>> >> >> > "Steven L Umbach" wrote:
>> >> >> >
>> >> >> >> There is an option in Windows 2003 RRAS that may help. Open the
>> >> >> >> RRAS
>> >> >> >> Management Console and find your server, right click and select
>> >> >> >> properties,
>> >> >> >> go to the IP page and make sure "enable broadcast name
>> >> >> >> resolution"
>> >> >> >> is
>> >> >> >> enabled. If that does not help configure wins server on your
>> >> >> >> network
>> >> >> >> making
>> >> >> >> sure that all the servers are also wins clients. Lmhosts files
>> >> >> >> could
>> >> >> >> also
>> >> >> >> be
>> >> >> >> used, though it makes more sense to use wins if possible due to
>> >> >> >> ease
>> >> >> >> of
>> >> >> >> implementation. Multi homed computers such as RRAS servers
>> >> >> >> should
>> >> >> >> have
>> >> >> >> the
>> >> >> >> internal LAN network adapter at the top of the list in network
>> >> >> >> connections/advanced/advanced settings. The "external" adapter
>> >> >> >> for
>> >> >> >> internet
>> >> >> >> access should have file and print sharing, Client for Microsoft
>> >> >> >> Networks,
>> >> >> >> and netbios over tcp/ip disabled and also in dns the "register
>> >> >> >> this
>> >> >> >> connection" should be disabled for the external adapter. ---
>> >> >> >> Steve
>> >> >> >>
>> >> >> >>
>> >> >> >> ttp://support.microsoft.com/default.aspx?scid=kb;en-us;Q180094
>> >> >> >> --
>> >> >> >> lmhosts
>> >> >> >> for network browsing.
>> >> >> >>
>> >> >> >> "Marty S" <(E-Mail Removed)> wrote in message
>> >> >> >> news:449BB4A6-D7B8-4AE2-8009-(E-Mail Removed)...
>> >> >> >> >I have a 2003 Server running RRAS and managing VPN connections
>> >> >> >> >from
>> >> >> >> >empoyees
>> >> >> >> > on their home machines. They connect to the VPN fine but
>> >> >> >> > cannot
>> >> >> >> > use
>> >> >> >> > NetBIOS
>> >> >> >> > names to set up drive shares or browse the network. They
>> >> >> >> > instead
>> >> >> >> > have
>> >> >> >> > to
>> >> >> >> > use
>> >> >> >> > IP addresses. Is there any way around this?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Thanks,
>> >> >> >> > Marty
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>