One user unable to access shared drives using direct access 2012

  • Question

  • I have one user that is unable to access any share drives when connected to Direct Access.  He is able to ping the servers and RDP into server but not access shares.  Other users are working fine.  He is able to access the shared drives when turning direct access off and connecting to VPN.

    Any ideas?

    Wednesday, February 26, 2014 3:45 PM

All replies

  • If he is able to RDP into the same server name which he is trying to access the share for, then I would check into user permissions on the shares themselves. Both RDP and file access require the second intranet tunnel to be active, so successful RDP connections indicate that is working properly. Or, if this is a management server, then only the primary infrastructure tunnel is needed, but the same is true - if RDP works, file shares should as well.

    You could also do some testing to figure out whether this is something particular to the user account, or the computer that he is using (have him log into a different DA laptop and see if the same thing happens, have a different user log into his laptop and test, etc) - those kinds of tests might set you on the right track for figuring out what is stopping this from working.

    Thursday, February 27, 2014 1:58 PM
  • The user is able to access shared folders from another computer when signed in with his user account.  It seems to be computer related.  Any registry setting or reset command that I can try?

    Friday, February 28, 2014 3:17 PM
  • I would be curious to find out if one computer is connecting using Teredo, and the other using IP-HTTPS. If you check "ipconfig /all" on both machines, does the working one show an IPv6 address for IP-HTTPS, but the non-working only show an IPv6 address for the Teredo adapter?

    Many times when there is a situation like yours it comes down to something like that. For Teredo to work properly, ICMP must be allowed inside your network. For example, I stood up a new server a little while ago in our network and had someone connected via DirectAccess to it all day long. I went home and tried, and I couldn't RDP into it. I then found out that I was using Teredo, and the other person had been connected with IP-HTTPS. The Windows Firewall on that new server was blocking ICMP by default (I couldn't ping it even from inside the network), and as a result, Teredo-connected DA clients couldn't connect to it. If I moved over to IP-HTTPS, it worked. I ended up solving it long-term by creating a firewall rule on the new server to allow ICMP, then it was accessible via Teredo as well.

    I can't be sure that this is what is happening to you, but it's worth checking into.

    Friday, February 28, 2014 4:20 PM
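
The comparison suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that reads saved `ipconfig /all` output from the working and non-working machines and reports which transition adapter holds a routable IPv6 address. The function name is hypothetical, the sample output is constructed, and the adapter names assume an English-language Windows client.

```python
import ipaddress
import re

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix, RFC 4380
HEADER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
IPV6_RE = re.compile(r"^\s+IPv6 Address[ .]*: ([0-9A-Fa-f:]+)")

def transition_in_use(ipconfig_text):
    """Return the sorted transition technologies that hold a routable IPv6 address."""
    found, adapter = set(), None
    for line in ipconfig_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            # Only tunnel adapters carry DirectAccess transition traffic.
            adapter = header.group(2).lower() if header.group(1) == "Tunnel" else None
            continue
        addr = IPV6_RE.match(line)
        if not (addr and adapter):
            continue  # link-local lines and physical adapters are skipped
        ip = ipaddress.ip_address(addr.group(1))
        if "teredo" in adapter or ip in TEREDO_PREFIX:
            found.add("Teredo")
        elif "iphttps" in adapter:
            found.add("IP-HTTPS")
        elif "6to4" in adapter:
            found.add("6to4")
    return sorted(found)

# Constructed sample output, trimmed to the relevant lines.
WORKING = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
Tunnel adapter iphttpsinterface:
   IPv6 Address. . . . . . . . . . . : fd00:da:1000:0:a1b2:c3d4:e5f6:789(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a1b2:c3d4:e5f6:789%14(Preferred)
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Media State . . . . . . . . . . . : Media disconnected
"""
FAILING = """\
Tunnel adapter iphttpsinterface:
   Media State . . . . . . . . . . . : Media disconnected
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c2b:3d4e:5f60:7182(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c2b:3d4e:5f60:7182%12(Preferred)
"""

if __name__ == "__main__":
    for label, text in (("working", WORKING), ("non-working", FAILING)):
        print(label, transition_in_use(text))
```

An empty result means no tunnel adapter has a routable IPv6 address, so the client has no DirectAccess transition path at all.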
  • I have 6to4 and Teredo disabled via Group Policy.  Hotspot users were having issues connecting to Direct Access when Teredo was enabled.

    Friday, February 28, 2014 5:04 PM
  • Can you confirm that the user is able to successfully RDP into a server, even the same server name as what you are trying to get into file shares? Pings are not a solid test as to whether or not DA is working, because ICMP traffic moves outside of the IPsec tunnels (you could have successful pings but not have access via SMB/RDP), but once IPsec tunnels are established, there really is nothing happening that distinguishes between SMB and RDP - if one works, so should the other. Unless something on the client machine or the file server itself is blocking the traffic from happening.
    Monday, March 3, 2014 1:31 PM
  • The users can definitely RDP into servers.  The computer must be blocking traffic somehow.  The strange thing is he can access shares using VPN but not DA.

    Monday, March 3, 2014 1:57 PM
  • These shares don't happen to be sitting on NetApp's, are they?
    Monday, March 3, 2014 2:55 PM
  • No, they are not. He cannot access any shares on any server, including the Domain Controller share.
    Monday, March 3, 2014 2:58 PM