none
VPN Connection RRS feed

  • Question

  • Hi Everyone,

    I'm setting up a VPN server using Server 2012R2. I then want to connect via Windows 10 Client.

    The network is on a Server 2019 domain. The server 2012 R2 is a VM

    I did install the VPN server. I did connect with a Windows 10 Client. I configured my firewall to port forward 1723.

    I connected within seconds. Here's the problem.

    I cannot browse my "network" on the VPN client to see the remote computers.

    I can ping the client computers

    I can access shares on the client if I use their IP address: \\192.168.1.x

    I cannot access shares if I use the url: \\computer\

    The VPN adapter shows the correct DNS servers (remote DNS servers) in the ipconfig /all command

    I am using the local gateway, not the remote gateway.

    So you would think it's a DNS issue, but as said above the adapter is calling out the remote DNS (local) servers.

    What am I missing?

    Any Thoughts?

    Adelxt


    Steve

    Tuesday, June 30, 2020 9:13 PM

All replies

  • I'd check the required traffic is flowing between end points.

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, June 30, 2020 9:36 PM
  • Hi Steve,

    Please configure the following steps on your windows 10 client:

    1.Check Network Discovery and Share settings.

    2.Change the following services startup type from Manual to Automatic and restart the service:

    Push Win Key and type "Services", locate these services.

    - Function Discovery Provider Host

    - Function Discovery Resource Publication

    - SSDP Discovery

    - UPnP Device Host

    3.Enable the SMB 1.0 support by enabling the following Windows features from the Control Panel:

    3.>>I cannot access shares if I use the url: \\computer\

    Based on my understanding, you cannot access the share with hostname. Is that right? What's the error message when you cannot access the share with hostname. Please post the error message in detail.

    If the above steps still didn't work, please check SMBclient log to see if there are something related for us to troubleshooting.

    Hope this can help you.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Wednesday, July 1, 2020 9:21 AM
    Moderator
  • Hi Candy,

    I did notice that I didn't have SMB 1.0 initiated and thought was the problem. It wasn't

    I also have the correct port, 1723 opened from the server side allowing me connection.

    If I put in the IP of the remote server I can see the shares and map them. If I put in the url, \\computer\ it gives me an error message.

    I have started the services above automatically too!

    I have shutdown my anti-virus/ firewall.

    The only thing that I haven't done is do anything with the router where the VPN is initiated. I find that if I had to do something to this router I would need to do it to all clients in the future and that doesn't make sense to me .

    Something is blocking the name resolution, but not sure what.

    Also, the VPN adapter is calling out the correct DNS server at the VPN site.

    I'll show you the error message but it's the typical message relating to blocking of the shares, etc.

    Still looking for an answer.

    Thanks

    Steve


    Steve

    Update !!

    I am now able to access the shares on the VPN server by using \\computer\.

    What I did was added the DNS suffix to the VPN adapter tcp/ip v4 properties. Under advanced/dns

    Still can't get a browse list and the mapped drives that the user has when connecting via VPN.

    Thanks

    Steve

    • Edited by adelxt Wednesday, July 1, 2020 8:35 PM
    Wednesday, July 1, 2020 1:20 PM
  • Hi ,

    Thanks for your updating.

    Let's try to change the following services to delayed start again, change the service startup type to Automatic (Delayed Start);

    Function Discovery Resource Publication

    Function Discovery Provider Host

    Then restart your windows 10 client, after rebooting,check if you could see other computers.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Thursday, July 2, 2020 8:07 AM
    Moderator
  • Hi Candy,

    Just tried your suggestion with no success. Same results.

    My VPN adapter show the correct IP configuration too.

    I did see a person talking about the same situation and what they said that once they setup the VPN Server on a physical machine not a virtual machine it worked. I'm not sure if they had other problems because I don't see the difference. Also, I don't have a physical machine on the network that is a domain controller. 

    I believe the browser list is being blocked somehow when going through the VPN. Not sure if I have to open some ports on the VPN server side in the router for the browser list to go through. I'm going to check what ports a browser list uses after this reply.

    Any ideas?

    Thanks

    Steve


    Steve

    Thursday, July 2, 2020 2:23 PM
  • Hello,

    You are running NAT in RRAS right? When the VPN client connects, do you have a virtual VPN adapter with an IP address from the VPN DHCP pool?


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Thursday, July 2, 2020 2:51 PM
  • Hi Miquel,

    If i Understand you correctly, at my local computer I have the VPN adapter. At the VPN server I see two adapters, one being the actual local adapter and the other may be the virtual adapter.

    The Ethernet is my VPN Server's IP. My guess would be that the 10.10.0.167 is the NAT IP?

    Thanks

    Steve


    Steve

    Thursday, July 2, 2020 3:56 PM
  • Hello Adelxt,

    yes. 10.x is a private IP address space. The internal and Ethernet adapters are on the same subnet, that serves no purpose. I am guessing this is a lab because you cannot have external devices VPN into a 10.x private IP, you need a public IP for external clients to connect.

    If you have a font facing router with a public IP and port forwarding to 10.x then you are double natting (Public -> 10.x ->  192.x)  which is probably why it does not work.

    Just port forward to 10.10.0.65 (server I'm guessing), remove the NIC for 10.10.0.167 and make sure the devices you are trying to access over the VPN are on the same subnet.

    This is just a guess, I still don't have a good idea of what the layout is here.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     


    • Edited by Miguel Fra Thursday, July 2, 2020 10:39 PM
    Thursday, July 2, 2020 10:34 PM
  • Hi ,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                   

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    7 hours 53 minutes ago
    Moderator