VPN WinXP Firewall

I have a remote site using XP Pro workstations connecting with VPN and
mapping a couple of shares. Connects to a W2K3 server at the main site. It
had been working since it was set up about six months ago and all has been
fine. Never misses a beat and has always been very fast. All of a sudden it
stopped working. It connects OK but the name mappings (net use x:
\\xxxxx\xxxxx /USER:(E-Mail Removed) xxxxxx /persistent:no) don't work.

The remote clients go thru a Linksys BEFSX41 at the remote site. Have
another site connecting into the same domain that uses a BEFSR41. It is OK.
There are three sites total, same domain, each with W2K3 DCs.

Come to find out, I turned off the Win XP firewall and now it works as
before. The problem seems to have begun when the Win XP firewall update was
sent out in December 2004.

The usage for this is only on weekends so I have the remote user turning off
the Windows firewall when they are working and turn it back on afterwards.
The Linksys firewall is still in place so it isn't a severe issue for a
couple hours of work / connect time. The behavior is the same without regard
to the workstation used at the remote location and it only happens at the
remote site equipped with the BEFSX41. The mappings occur very fast when the
connection is invoked. With Windows Explorer open they pop up pretty much
instantaneously when the command file runs. The rasdial string uses a domain
username password as does the net use line entry with the mappings set to no
persistence.

The main site has a BEFSX41. The three sites connect and replicate the
domain on a schedule in the middle of the nite (seven days /365) and it
works OK. There are mappings used between the servers that sync some
database stuff and user data that hasn't been affected. That also occurs in
the middle of the nite during the period while replication is running. That
stuff occurs through the use of a command file that creates some mappings
and uses Xcopy to update only the chaged files. The amount of data isn't
very big, taking a max of 45 minutes across all three servers.

In short, the servers running VPN, replication and mappings are completely
unaffected. The site with BEFSR41 is completely unaffected. Only the XP Pro
workstations at the remote site with BEFSX41 can't map drives to shares at
the main site unless the XP Pro firewall is turned off. The problem seems to
have begun about the time the XP Pro firewall update was sent out. The two
sites (main and one remote) with BEFSX41 are both using the latest current
firmware on the routers.

Any ideas?

Thanks, John K

I was looking at the Win XP Pro firewall configuration and it occurred to me
to ask if I should add port 1723 to the port list and enable the port?
Should it have been passing port 1723 traffic before the firewall update? I
have the impression firewall port definitions are for configuring inbound
traffic connections. Or does it have to be configured to permit traffic on a
given numbered port (VPN) without regard to if the connection is established
as inbound or outbound?

Thanks, John K.


"John K" <(E-Mail Removed)> wrote in message
news:OHd$(E-Mail Removed)...
>I have a remote site using XP Pro workstations connecting with VPN and
>mapping a couple of shares. Connects to a W2K3 server at the main site. It
>had been working since it was set up about six months ago and all has been
>fine. Never misses a beat and has always been very fast. All of a sudden it
>stopped working. It connects OK but the name mappings (net use x:
>\\xxxxx\xxxxx /USER:(E-Mail Removed) xxxxxx /persistent:no) don't work.
>
> The remote clients go thru a Linksys BEFSX41 at the remote site. Have
> another site connecting into the same domain that uses a BEFSR41. It is
> OK. There are three sites total, same domain, each with W2K3 DCs.
>
> Come to find out, I turned off the Win XP firewall and now it works as
> before. The problem seems to have begun when the Win XP firewall update
> was sent out in December 2004.
>
> The usage for this is only on weekends so I have the remote user turning
> off the Windows firewall when they are working and turn it back on
> afterwards. The Linksys firewall is still in place so it isn't a severe
> issue for a couple hours of work / connect time. The behavior is the same
> without regard to the workstation used at the remote location and it only
> happens at the remote site equipped with the BEFSX41. The mappings occur
> very fast when the connection is invoked. With Windows Explorer open they
> pop up pretty much instantaneously when the command file runs. The rasdial
> string uses a domain username password as does the net use line entry with
> the mappings set to no persistence.
>
> The main site has a BEFSX41. The three sites connect and replicate the
> domain on a schedule in the middle of the nite (seven days /365) and it
> works OK. There are mappings used between the servers that sync some
> database stuff and user data that hasn't been affected. That also occurs
> in the middle of the nite during the period while replication is running.
> That stuff occurs through the use of a command file that creates some
> mappings and uses Xcopy to update only the chaged files. The amount of
> data isn't very big, taking a max of 45 minutes across all three servers.
>
> In short, the servers running VPN, replication and mappings are completely
> unaffected. The site with BEFSR41 is completely unaffected. Only the XP
> Pro workstations at the remote site with BEFSX41 can't map drives to
> shares at the main site unless the XP Pro firewall is turned off. The
> problem seems to have begun about the time the XP Pro firewall update was
> sent out. The two sites (main and one remote) with BEFSX41 are both using
> the latest current firmware on the routers.
>
> Any ideas?
>
> Thanks, John K
>
>
>
>
>

what do you receive is using net view \\servername command?

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"John K" <(E-Mail Removed)> wrote in message
news:OHd$(E-Mail Removed)...
>I have a remote site using XP Pro workstations connecting with VPN and
>mapping a couple of shares. Connects to a W2K3 server at the main site. It
>had been working since it was set up about six months ago and all has been
>fine. Never misses a beat and has always been very fast. All of a sudden it
>stopped working. It connects OK but the name mappings (net use x:
>\\xxxxx\xxxxx /USER:(E-Mail Removed) xxxxxx /persistent:no) don't work.
>
> The remote clients go thru a Linksys BEFSX41 at the remote site. Have
> another site connecting into the same domain that uses a BEFSR41. It is
> OK. There are three sites total, same domain, each with W2K3 DCs.
>
> Come to find out, I turned off the Win XP firewall and now it works as
> before. The problem seems to have begun when the Win XP firewall update
> was sent out in December 2004.
>
> The usage for this is only on weekends so I have the remote user turning
> off the Windows firewall when they are working and turn it back on
> afterwards. The Linksys firewall is still in place so it isn't a severe
> issue for a couple hours of work / connect time. The behavior is the same
> without regard to the workstation used at the remote location and it only
> happens at the remote site equipped with the BEFSX41. The mappings occur
> very fast when the connection is invoked. With Windows Explorer open they
> pop up pretty much instantaneously when the command file runs. The rasdial
> string uses a domain username password as does the net use line entry with
> the mappings set to no persistence.
>
> The main site has a BEFSX41. The three sites connect and replicate the
> domain on a schedule in the middle of the nite (seven days /365) and it
> works OK. There are mappings used between the servers that sync some
> database stuff and user data that hasn't been affected. That also occurs
> in the middle of the nite during the period while replication is running.
> That stuff occurs through the use of a command file that creates some
> mappings and uses Xcopy to update only the chaged files. The amount of
> data isn't very big, taking a max of 45 minutes across all three servers.
>
> In short, the servers running VPN, replication and mappings are completely
> unaffected. The site with BEFSR41 is completely unaffected. Only the XP
> Pro workstations at the remote site with BEFSX41 can't map drives to
> shares at the main site unless the XP Pro firewall is turned off. The
> problem seems to have begun about the time the XP Pro firewall update was
> sent out. The two sites (main and one remote) with BEFSX41 are both using
> the latest current firmware on the routers.
>
> Any ideas?
>
> Thanks, John K
>
>
>
>
>

When using net view and the connection has the shares properly mapped
(Windows XP firewall 'OFF') it returns the shares on the server as expected.
When the Windows firewall is 'ON' the shares didn't map and net view
complains of network path not found. In any case it doesn't see the named
server with net view when Windows firewall is 'ON'. That in spite of the
fact that the rasdial command executed OK and gives the confirmation of the
connection on bottom right of XP Pro desktop. Pinging the FQDN of the server
replies but pinging just the servername gets no reply. I checked the links
you provided but there weren't any specific references to what I am seeing.
For whatever reason it seems as though the problem is related to an anomaly
between Windows firewall and the BEFSX41. Bear in mind an otherwise
identical configuration works on the other site with a BEFSR41. At my next
opportunity I am going to turn off the firewall on the BEFSX41 at the remote
site and check the result. I can't get over there for a couple of days. I'll
post back when I have some results.

Thanks, John K.

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> what do you receive is using net view \\servername command?
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
> help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> Networking Solutions, http://www.chicagotech.net/networksolutions.htm
> VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
> VPN Process and Error Analysis,
> http://www.chicagotech.net/VPN%20process.htm
> VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
> This posting is provided "AS IS" with no warranties.
> "John K" <(E-Mail Removed)> wrote in message
> news:OHd$(E-Mail Removed)...
>>I have a remote site using XP Pro workstations connecting with VPN and
>>mapping a couple of shares. Connects to a W2K3 server at the main site. It
>>had been working since it was set up about six months ago and all has been
>>fine. Never misses a beat and has always been very fast. All of a sudden
>>it stopped working. It connects OK but the name mappings (net use x:
>>\\xxxxx\xxxxx /USER:(E-Mail Removed) xxxxxx /persistent:no) don't work.
>>
>> The remote clients go thru a Linksys BEFSX41 at the remote site. Have
>> another site connecting into the same domain that uses a BEFSR41. It is
>> OK. There are three sites total, same domain, each with W2K3 DCs.
>>
>> Come to find out, I turned off the Win XP firewall and now it works as
>> before. The problem seems to have begun when the Win XP firewall update
>> was sent out in December 2004.
>>
>> The usage for this is only on weekends so I have the remote user turning
>> off the Windows firewall when they are working and turn it back on
>> afterwards. The Linksys firewall is still in place so it isn't a severe
>> issue for a couple hours of work / connect time. The behavior is the same
>> without regard to the workstation used at the remote location and it only
>> happens at the remote site equipped with the BEFSX41. The mappings occur
>> very fast when the connection is invoked. With Windows Explorer open they
>> pop up pretty much instantaneously when the command file runs. The
>> rasdial string uses a domain username password as does the net use line
>> entry with the mappings set to no persistence.
>>
>> The main site has a BEFSX41. The three sites connect and replicate the
>> domain on a schedule in the middle of the nite (seven days /365) and it
>> works OK. There are mappings used between the servers that sync some
>> database stuff and user data that hasn't been affected. That also occurs
>> in the middle of the nite during the period while replication is running.
>> That stuff occurs through the use of a command file that creates some
>> mappings and uses Xcopy to update only the chaged files. The amount of
>> data isn't very big, taking a max of 45 minutes across all three servers.
>>
>> In short, the servers running VPN, replication and mappings are
>> completely unaffected. The site with BEFSR41 is completely unaffected.
>> Only the XP Pro workstations at the remote site with BEFSX41 can't map
>> drives to shares at the main site unless the XP Pro firewall is turned
>> off. The problem seems to have begun about the time the XP Pro firewall
>> update was sent out. The two sites (main and one remote) with BEFSX41 are
>> both using the latest current firmware on the routers.
>>
>> Any ideas?
>>
>> Thanks, John K
>>
>>
>>
>>
>>
>
>