none
Virtual Private Network & DFS Namespace RRS feed

  • Question

  • Hi,

    I'm having a problem accessing a DFS Namespace/share while using a Virtual Private Network through UAG. Allow me to to describe the scenario.

    I have a corperate laptop. When the users logs on while on the internal network everything is working properly.

    The users can access folder and drive-mappings, synchronize everything and etc without problems. But... when the users logs on remotely with cached criedentials, connects to the UAG portal and from there start a Virtual Private Network things are not working correctly anymore. The user is then able to access the drive-mappings that point directly to a server. But when the user accesses the redirected folders he or she can access it, but nothing is shown, empty folders. When I access the folders through a direct share I can see all files. So apparently it is not working in combination with DFS.

    NOTE: A minor detail. We use Dutch language Operating Systems. What I notice as well is that the redirected folders are not translated. 

    Any idea what is going wrong?

    Boudewijn 


    Boudewijn Plomp, BPMi Infrastructure & Security
    Thursday, September 9, 2010 8:12 AM

Answers

  • Hi Boudewijn,

    I've been rereading your question, and I realize I may have totally misunderstand your original question.

    "Drive Mapping" is the name of a specific application in UAG, but you are talking about VPN. If a computer is connected to your network using UAG's SSTP or NC, everything else should be transparent - as if you are physically on the network. If that is the case, then the only thing I can think of is network-related, like some firewall blocking some ports. If you are talking about a specific UAG application template, than please clarify this for me.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, October 26, 2010 4:51 PM
    Tuesday, October 26, 2010 4:51 PM

All replies

  • I would like to add some new information...

    We always use UPN's (like username@domain.local). This does not seem to work correctly.

    But when I log in with a username (like DOMAIN\username) everything works find and fast!

    Any suggestions?

     

     


    Boudewijn Plomp, BPMi Infrastructure & Security
    Thursday, September 9, 2010 8:39 AM
  • Hmmmm.... apparently we still have weird problems with both methods. With UPN's it doesn't seem to work at all. With a normal DOMAIN\username it works not every time. We only have a problem in combination with DFS.


    Boudewijn Plomp, BPMi Infrastructure & Security
    Thursday, September 9, 2010 9:49 AM
  • Hi Boudewijn

    DFS shares use a different mechanism than regular UNC shares, so this might be a networking related issue. I would suggest making sure that this sort of traffic is not blocked along the way (you can try accessing DFS from the UAG server itself, and seeing if it works reliably). DFS uses TCP + UDP port 5722.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Wednesday, September 22, 2010 8:39 PM
    • Unmarked as answer by Boudewijn Plomp Thursday, September 23, 2010 11:11 AM
    • Marked as answer by Erez Benari Thursday, October 7, 2010 12:21 AM
    • Unmarked as answer by Erez Benari Thursday, October 7, 2010 12:21 AM
    Wednesday, September 22, 2010 8:38 PM
  • Hi Boudewijn

    DFS shares use a different mechanism than regular UNC shares, so this might be a networking related issue. I would suggest making sure that this sort of traffic is not blocked along the way (you can try accessing DFS from the UAG server itself, and seeing if it works reliably). DFS uses TCP + UDP port 5722.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA

    I will check that. But as you might have read. It works (most of the time) with a normal username and password. But it does not work correctly with a UPN. This indicates that it can work, so it cannot be a network issue. I will check it for sure. Keep in mind that UAG uses on TMG. Normally the server itself isn't allowed to do anything, securitywise.
    Boudewijn Plomp, BPMi Infrastructure & Security
    Thursday, September 23, 2010 11:14 AM
  • Hi Boudewijn,

    I've been rereading your question, and I realize I may have totally misunderstand your original question.

    "Drive Mapping" is the name of a specific application in UAG, but you are talking about VPN. If a computer is connected to your network using UAG's SSTP or NC, everything else should be transparent - as if you are physically on the network. If that is the case, then the only thing I can think of is network-related, like some firewall blocking some ports. If you are talking about a specific UAG application template, than please clarify this for me.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, October 26, 2010 4:51 PM
    Tuesday, October 26, 2010 4:51 PM