Announcement

Collapse
No announcement yet.

Local access to domain lost after VPN connection extablished

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Local access to domain lost after VPN connection extablished

    Hi

    I am using a Windows 7 client on our domain (2008 and 2003 DC's). I can log on to my Win7 PC and access the domain and all its resources without any problems.

    One of the first things I do is a daily backup of the data for a charity that we provide IT support to. I establish a VPN connection to their domain network and then use remote desktop to connect to their server and copy yesterday's data to an external drive.

    When I did this using my XP machine I never had any issues. However, since using a Win7 machine I have discovered that while the VPN connection is active I am unable to connect to any of the shared resources on our network - I am either prompted for a password or am told I do not have access. Closing the VPN connection restores normal functionality.

    I have set this up exactly the same way as it was on the XP machine. The connection is via an IP address. Security is configured to use CHAP and MS-CHAP V2 and type of VPN is set to Automatic. The default gateway on the remote network is disabled in the IPv4 and IPv6 advanced settings.

    When I first connected to the VPN a network ID dialog appeared and I chose Work Network as the type as I need to be able to access any of their machines (they have a very small network - 1 server and 5 Win7 clients).

    It's not a massive issue as carrying out the backup only takes a few minutes, but it will become an issue if I need to actually work for any length of time on the server itself.

    Can anyone help me with this, please?

    I'm sure I should understand why this is happening so I hope someone here can show me the error of my ways

    Thanks!

    [Edit]
    Edited title of question.
    Last edited by Blood; 5th June 2014, 15:17.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Re: Local access to domain lost after VPN connection extablished

    Have you considered a connection solution other than the VPN? I've never connected through a VPN from a domain, only to a domain. Whenever I connected to the office at my old job, my home PC became subject to the web filtering solution of the company, so it doesn't sound as if what you are experiencing is all that unusual; you've adopted new DNS servers. It also might be that UAC is doing this, since that's a major security difference between XP and 7.

    Comment


    • #3
      Re: Local access to domain lost after VPN connection extablished

      Thanks. What do you mean by a connection solution? Note also that this charity has no spare cash so a paid solution is not feasible, unfortunately.

      Is there no way to tell my Win 7 PC to only apply the remote domain's DNS settings to the VPN connection and not to the local network connection?

      Still, you've given me some useful info so I'll see what I can find out. Thanks again for the help.
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Re: Local access to domain lost after VPN connection extablished

        Hi, i've seen a similar issue over vpn. Can you ping the IP of your file server?
        What I did to 'work around' this issue is edit my hosts file to map the server name to the IP address.
        c:\windows\System32\drivers\etc\hosts
        Add a line like
        192.168.114.11 server01
        See how it goes.
        Please remember to award reputation points if you have received good advice.
        I do tend to think 'outside the box' so others may not always share the same views.

        MCITP -W7,
        MCSA+Messaging, CCENT, ICND2 slowly getting around to.

        Comment


        • #5
          Re: Local access to domain lost after VPN connection extablished

          Thanks.

          This is what I don't understand. I can ping the LAN DNS servers by IP address, name and FQDN. I have done so testing and have discovered that it is only the DFS shares that cannot be accessed while the VPN is active. I can access the servers and the shares they contain by \\servername\share.

          Sorry - I really jumped the gun with my title. I'll edit it.

          Edit:
          Here's the question as it should have appeared. Sorry for wasting your time:

          We use Windows Server 2008 Standard as a domain controller. It also hosts DFS. Although the namespaces are hosted on the server, the data is stored on a Windows 2008 Storage Server. We do not use DFS replication.

          I have several DFS shares mapped on my Windows 7 client, which has just replaced my XP client, and can access them without any problems.

          However, as soon as I connect to a remote network (located on a different domain - it has nothing to do with our network at all) via VPN, I am unable to access our DFS shares. If I try to access a DFS share an error message pops up stating:

          -

          Location is not available

          Logon failure: unknown user name or bad password.

          -

          The first time I connected the VPN a network dialog popped up asking what type of network it was and I chose Work. After connecting via the VPN I use remote desktop to carry out daily maintenance on a server on the remote network.

          Other local resources are available. I can ping machines via IP, name and FQDN. I can access the same DFS shares using UNC paths. So, although I receive the error message described above when accessing AD-name.local-backslash-share-name1 I have no trouble accessing server-name-backslash-share-name1

          As soon as I close the VPN connection normal functionality is restored and I can again access the DFS shares without any problems.
          Last edited by Blood; 5th June 2014, 15:54.
          A recent poll suggests that 6 out of 7 dwarfs are not happy

          Comment


          • #6
            Re: Local access to domain lost after VPN connection extablished

            I think that's expected behaviour. IIRC the way DFS works is AD site integrated, so it tries to determine the best DFS server to use based on your IP address, and can't do that if you are using a VPN and an unrecognised subnet. Given that it worked in XP I'd expect NLA to be the culprit in preventing it working in 7.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            sigpic
            Cruachan's Blog

            Comment


            • #7
              Re: Local access to domain lost after VPN connection extablished

              Have a look at LogMeIn Hamachi. It is free for 5 connections and is so good I actually purchased a copy. 32 connections for AUD$29 if you consider purchasing it for yourself.

              [Edit] Changed connection numbers for the paid version from 256 to 32.
              Last edited by biggles77; 14th June 2014, 21:39.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Local access to domain lost after VPN connection extablished

                Thanks a lot. I am up to my ears at the moment as I have lots to do but am very grateful for the Hamachi link and for the possible cause. I will try and resolve it ASAP.
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  Re: Local access to domain lost after VPN connection extablished

                  Yeah, that's what I meant by another connection option. I work for a company that manufactures an appliance solution for remote connections at the enterprise level (Bomgar), which would work great for this; install a client on the machine and connect to it from anywhere via SSL. However, it's not free. I know some of our competitors have web or stand-alone software solutions, I just didn't know details. The LogMeIn Hamachi looks like what I mean.

                  Comment


                  • #10
                    Re: Local access to domain lost after VPN connection extablished

                    I posted this on MS's forums and received a reply that directed me to another thread. The solution was to edit a pbk file that stores configuration information for each VPN adaptor's settings.

                    Windows 7 takes the credentials supplied for the VPN connection and applies them to your local network. I think this is a rather weird decision on the part of MS as the networks are totally different.

                    Anyway, search for a .pbk file and...

                    ... take the steps in the KB 822707 to resolve it:


                    1). Locate the .pbk file that contains the entry that you dial. To do so, click Start, click Search, type *.pbk in the All or part of the file name box, and then click Search.
                    2). Open the file in Notepad.
                    3). Locate the following entry: UseRasCredentials=1
                    4). Modify the entry to the following: UseRasCredentials=0
                    5). On the File menu, click Save, and the click Exit.

                    Taken from this thread.

                    The path to the file on my machine was:
                    C:\Users\username\AppData\Roaming\Microsoft\Networ k\Connections\Pbk\rasphone.pbk

                    Be sure to remove the space this forum software inserts between r and k in the word 'network'
                    A recent poll suggests that 6 out of 7 dwarfs are not happy

                    Comment


                    • #11
                      Re: Local access to domain lost after VPN connection extablished

                      I know I am replying old post...May be this work around will work with your issue.

                      If you have administrator privileges on remote DCs, you should be able to configure your user account property on Active Directory to Allow Access to network resources (somewhere on VPN or Remote Access tab) on that domain instead of using Network Policy something like that if I not mistaken.. This configuration I think will apply to Win XP or Win 7 client as long as you adjust VPN security connection. I hope this help...

                      Comment

                      Working...
                      X