VP Connected, saw the share but not cannot open it

Discussion in 'Windows Networking' started by =?Utf-8?B?ZnJhbmtjdmM=?=, Nov 26, 2004.

  1. Have a Windows Server 2003 set up for VPN. Using Windows XP connected to it.
    Found the server and shares but cannot open them--Access Denied. All these
    folders' Share and NTFP permissions are set to Read and write. If accessed on
    the LAN, these folders are fully accessible by the same user.

    Appreciate your help!
     
    =?Utf-8?B?ZnJhbmtjdmM=?=, Nov 26, 2004
    #1
    1. Advertisements

  2. Make sure that the user is logging onto their remote computer with
    credentials that allow access to the lan. If you logon to the computer with
    different logon/password than is used to authenticate with the VPN the user
    may be denied access if the users logon to the computer credentials are
    passed to try and access the share which is often the case. Have the user
    try to ping the computer offering the share by both it's name and lan IP
    address to make sure it has connectivity to it and also try to connect to
    the share using it's lan IP address instead of name as in
    \\xxx.xxx.xxx.xxx\share. --- Steve
     
    Steven L Umbach, Nov 26, 2004
    #2
    1. Advertisements

  3. Thanks, Steve.

    Let me make sure I understand your point clearly.
    We have Remote Client--VPN-- Server to Access.

    I always used the credential to log on to the VPN who has proper access
    privileges to the Server, though a different credential was used to log on to
    the remote client.

    On the same Server we have several shares which the VPN user has access.
    Interestingly, the user can access some but not others, though it has full
    access to all shares if logged on to a machine on the LAN.

    Thanks again.

    Frank
     
    =?Utf-8?B?ZnJhbmtjdmM=?=, Nov 27, 2004
    #3
  4. Try creating a local account on the client to logon to the computer that
    uses the same credentials as used to logon to the VPN or if this is a domain
    configure the VPN client connection [if using the built in one] to include
    the domain name when logging onto the VPN. I had a similar problem myself
    and tracked it down to the fact that I was logging onto my client computer
    with different credentials than using to logon to the VPN. What was
    happening, in my configuration, was that the credentials that I logged onto
    my client computer were being used to accessing shares on my network. I
    confirmed this by examining the user that I was connected to the remote
    computer via Computer Management/shared folders/sessions which I encourage
    you to try also to see how the VPN user is actually accessing the remote
    computer. I would also enable auditing of logon events on the server
    offering shares where you are having a problem to see what is reported in
    the security logs on that server to see how the remote user is
    authenticating to that server and possibly enabling auditing of object
    access and then auditing the folder that they can not access for read/list
    permissions for failure which should generate Event ID's 560 and 562 in the
    security log giving a clue as exactly what user is being denied access to
    the folder.

    My guess is that the user is not accessing that computer or shares via the
    VPN as the user you believe him/her to be. Another thing to consider is that
    XP computers can use stored credentials and if the stored credentials have
    the wrong user or password to access a share/computer, the user can be
    denied access. Stored credentials can be convenient until you forget about
    them. --- Steve

    http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prdp_log_vkxx.asp
    http://tinyurl.com/6qlzj -- same link as above, shorter about XP stored
    credentials.
     
    Steven L Umbach, Nov 27, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.