VPN madness !!!!!
Markie
Member Posts: 54 ■■□□□□□□□□
Hey all, I have recently set up a VPN server for testing. The VPN server is a Windows Server 2003 machine running RRAS. At this stage, I have two VPN clients (two different geographical locations) connecting to the VPN server.
The setup can be best decribed as follows:
VPN client 1 (XP Pro)
VPN/File Server (Server 2003)
VPN client 2(XP Home)
All three machines are at different locations. The main purpose of the VPN connection is so that the VPN clients can send a small file to the VPN Server. So the VPN server is actually a File Server as well (sharing one folder, which is made available to the vpn clients). It is not a domain controller.
Everything was working flawlessly up to a few days ago. Although both VPN clients can connect to the server, the XP Home machine is not able to send files to the Server anymore.
As part of testing, I have tried connecting to the server from both clients using the same vpn user account (not at the same time). Lets call it vpn_user. When the XP Pro machine connects and then accesses the File share, vpn_user accesses the share as "Administrator".
This is information is found under > Computer Management > Shared Folders > Sessions and then under "user".
However, when the XP Home machine connects and accesses the file share, vpn_user accesses the share as "Guest".
Both machines are able to open the share and view the contents of the folder. However, only the XP Pro machine is able to delete, modify, overwrite files etc. I need the HP Home machine to be able to do the same thing because a new file is sent to the server each night which requires the ability to overwrite files.
The XP Home machine was working flawlessly until I made a small change on the Server. Specifically, I enabled the guest account and gave the guest account access to the shared folder. (Please dont tell me this is a "Security Issue", because I know that. I was forced to enable the guest account to enable some extra functionality on the LAN side of the VPN server).
When I disable the guest account again, the HP Home machine is now not able to access the share automatically. I am prompted for a username and password. When I type in the Administrator (with password) account, I can connect to the share with full admin rights.
However, before this problem started, the HP home machine could connect to the share with full admin privellages automatically without being promted for a password. But now after reverting the change I made (i.e. the Guest a/c), this does not occur.
I should make it clear that the vpn_user account has the full control share/NTFS permissions for the shared folder on the server. Just remember, everything is working fine for the XP PRO machine still (using the same user account as the HP Home machine, not simultaneously).
Although my findings are pointing towards the problem somehow being related to the guest account, it is possible that it has something to do with a connection to the share that somehow did not disconnect properly. I say this because on the Xp Home machine, the share on the server was mapped. However, I am unable to disconnect this mapped drive, even after rebooting the machine, pulling out network cable etc. When I try the "net use \\server\share /delete" command, I get an error message saying something like "cannot delete drive as it is being used by another process".
Either way, it seems that the problem lies somewhere on the XP home machine.
As you can see, the problem is more so a File sharing issue as opposed to a Vpn issue. However, I thought I would include all the info in case I have missed somthing.
Although it is in the testing stage at this stage, the final product is for a client of mine so I would like to get this problem sorted sooner rather than later.
So in summary, what would cause vpn_user (XP Pro) to connect to folder share as "Administrator" while vpn_user (HP Home) connects to folder share as "Guest"?
Please help guys, I am really losing it on this one.
The setup can be best decribed as follows:
VPN client 1 (XP Pro)
VPN/File Server (Server 2003)
VPN client 2(XP Home)
All three machines are at different locations. The main purpose of the VPN connection is so that the VPN clients can send a small file to the VPN Server. So the VPN server is actually a File Server as well (sharing one folder, which is made available to the vpn clients). It is not a domain controller.
Everything was working flawlessly up to a few days ago. Although both VPN clients can connect to the server, the XP Home machine is not able to send files to the Server anymore.
As part of testing, I have tried connecting to the server from both clients using the same vpn user account (not at the same time). Lets call it vpn_user. When the XP Pro machine connects and then accesses the File share, vpn_user accesses the share as "Administrator".
This is information is found under > Computer Management > Shared Folders > Sessions and then under "user".
However, when the XP Home machine connects and accesses the file share, vpn_user accesses the share as "Guest".
Both machines are able to open the share and view the contents of the folder. However, only the XP Pro machine is able to delete, modify, overwrite files etc. I need the HP Home machine to be able to do the same thing because a new file is sent to the server each night which requires the ability to overwrite files.
The XP Home machine was working flawlessly until I made a small change on the Server. Specifically, I enabled the guest account and gave the guest account access to the shared folder. (Please dont tell me this is a "Security Issue", because I know that. I was forced to enable the guest account to enable some extra functionality on the LAN side of the VPN server).
When I disable the guest account again, the HP Home machine is now not able to access the share automatically. I am prompted for a username and password. When I type in the Administrator (with password) account, I can connect to the share with full admin rights.
However, before this problem started, the HP home machine could connect to the share with full admin privellages automatically without being promted for a password. But now after reverting the change I made (i.e. the Guest a/c), this does not occur.
I should make it clear that the vpn_user account has the full control share/NTFS permissions for the shared folder on the server. Just remember, everything is working fine for the XP PRO machine still (using the same user account as the HP Home machine, not simultaneously).
Although my findings are pointing towards the problem somehow being related to the guest account, it is possible that it has something to do with a connection to the share that somehow did not disconnect properly. I say this because on the Xp Home machine, the share on the server was mapped. However, I am unable to disconnect this mapped drive, even after rebooting the machine, pulling out network cable etc. When I try the "net use \\server\share /delete" command, I get an error message saying something like "cannot delete drive as it is being used by another process".
Either way, it seems that the problem lies somewhere on the XP home machine.
As you can see, the problem is more so a File sharing issue as opposed to a Vpn issue. However, I thought I would include all the info in case I have missed somthing.
Although it is in the testing stage at this stage, the final product is for a client of mine so I would like to get this problem sorted sooner rather than later.
So in summary, what would cause vpn_user (XP Pro) to connect to folder share as "Administrator" while vpn_user (HP Home) connects to folder share as "Guest"?
Please help guys, I am really losing it on this one.
The oxen is slow but the earth is patient!!!!
Comments
-
gravyjoe
Member Posts: 260
I wish I knew what was going on. I had a similar issue come up, but it was with an XP Pro computer instead of XP Home. I had to disable Simple File Sharing in order to access the files on the remote machine. Simple File Sharing is always enabled on XP Home, so that possible solution is out of the picture.
The biggest risk in life is not taking one. -
Markie
Member Posts: 54 ■■□□□□□□□□
Just to add some more info:
Further testing is pointing to the problem being related to XP Home. I tried connecting to the server with another XP Home machine (on the same subnet as the other XP Home machine) and the exact same problem is occuring. I cant understand how toggling (i.e. enable and then disable again) the guest account caused this problem to occur.
When the XP Home vpn client connects to the VPN server, the following occurs:
- "verifying username and password"
- "registering your computer on the network"
When the XP Pro vpn client connects to the VPN server, the following occurs:
- "verifying username and password"
- "registering your computer on the network"
- "authenticated"
As you can see, an extra step occurs with the PRO machine. Admitedly these messages flash pretty quicky across the screen so I may have missed the last message on the HOME machines. However, I am pretty sure that I saw this correctly.
I should point out that I have disabled the guest account on the server to reflect its state when everything was working fine. However, I am pretty sure that if I was to re-enable the guest account, the HOME machines would also authenticate but only with read permissions (i.e. guest access).
It sounding to me like the XP HOME machines' computer accounts are being authenticated but the user account is not. Maybe I am wrong!!!!
The XP PRO machine is using the exact same vpn user account to connect.
GRRRRR, it was working fine a few days ago.
Any ideas?The oxen is slow but the earth is patient!!!! -
Markie
Member Posts: 54 ■■□□□□□□□□
It seems at this stage, the only option I have is to give the guest account full control on the server. Not a good idea I know, but at least it is allowing the XP Home machines to connect to the share automatically with full privelages.
To me this is so strange. Normally, one should be able to connect with a any user account (provided they have dial-in access on the server) and then connect to the shares according to permissions set for that particular user account.
However, for some unknown reason, the connection is only wanting to connect as the guest account.
One other strange thing is in relation to the mapped drive (mapping S: to \\server\share_name) located on the XP Home machine.
After I have successfully connected via the VPN connection and then double clicked on the mapped drive, everything is working fine.
However, when I issue the "net use" command. It tells me that the "S: \\server\share_name is disconnected".
Any ideas?The oxen is slow but the earth is patient!!!!