| Author |
Message |
John K
Guest
|
 Posted:
Sun Jan 09, 2005 5:25 pm Post subject:
VPN WinXP Firewall |
|
|
I have a remote site using XP Pro workstations connecting with VPN and
mapping a couple of shares. Connects to a W2K3 server at the main site. It
had been working since it was set up about six months ago and all has been
fine. Never misses a beat and has always been very fast. All of a sudden it
stopped working. It connects OK but the name mappings (net use x:
\\xxxxx\xxxxx /USER:xxxx@xxxx.xxx xxxxxx /persistent:no) don't work.
The remote clients go thru a Linksys BEFSX41 at the remote site. Have
another site connecting into the same domain that uses a BEFSR41. It is OK.
There are three sites total, same domain, each with W2K3 DCs.
Come to find out, I turned off the Win XP firewall and now it works as
before. The problem seems to have begun when the Win XP firewall update was
sent out in December 2004.
The usage for this is only on weekends so I have the remote user turning off
the Windows firewall when they are working and turn it back on afterwards.
The Linksys firewall is still in place so it isn't a severe issue for a
couple hours of work / connect time. The behavior is the same without regard
to the workstation used at the remote location and it only happens at the
remote site equipped with the BEFSX41. The mappings occur very fast when the
connection is invoked. With Windows Explorer open they pop up pretty much
instantaneously when the command file runs. The rasdial string uses a domain
username password as does the net use line entry with the mappings set to no
persistence.
The main site has a BEFSX41. The three sites connect and replicate the
domain on a schedule in the middle of the nite (seven days /365) and it
works OK. There are mappings used between the servers that sync some
database stuff and user data that hasn't been affected. That also occurs in
the middle of the nite during the period while replication is running. That
stuff occurs through the use of a command file that creates some mappings
and uses Xcopy to update only the chaged files. The amount of data isn't
very big, taking a max of 45 minutes across all three servers.
In short, the servers running VPN, replication and mappings are completely
unaffected. The site with BEFSR41 is completely unaffected. Only the XP Pro
workstations at the remote site with BEFSX41 can't map drives to shares at
the main site unless the XP Pro firewall is turned off. The problem seems to
have begun about the time the XP Pro firewall update was sent out. The two
sites (main and one remote) with BEFSX41 are both using the latest current
firmware on the routers.
Any ideas?
Thanks, John K |
|
| Back to top |
|
 |
John K
Guest
|
| Posted:
Sun Jan 09, 2005 6:40 pm Post subject:
Re: VPN WinXP Firewall |
|
|
I was looking at the Win XP Pro firewall configuration and it occurred to me
to ask if I should add port 1723 to the port list and enable the port?
Should it have been passing port 1723 traffic before the firewall update? I
have the impression firewall port definitions are for configuring inbound
traffic connections. Or does it have to be configured to permit traffic on a
given numbered port (VPN) without regard to if the connection is established
as inbound or outbound?
Thanks, John K.
"John K" <jkraus@allcompsyr.com> wrote in message
news:OHd$83j9EHA.4004@tk2msftngp13.phx.gbl...
| Quote: | I have a remote site using XP Pro workstations connecting with VPN and
mapping a couple of shares. Connects to a W2K3 server at the main site. It
had been working since it was set up about six months ago and all has been
fine. Never misses a beat and has always been very fast. All of a sudden it
stopped working. It connects OK but the name mappings (net use x:
\\xxxxx\xxxxx /USER:xxxx@xxxx.xxx xxxxxx /persistent:no) don't work.
The remote clients go thru a Linksys BEFSX41 at the remote site. Have
another site connecting into the same domain that uses a BEFSR41. It is
OK. There are three sites total, same domain, each with W2K3 DCs.
Come to find out, I turned off the Win XP firewall and now it works as
before. The problem seems to have begun when the Win XP firewall update
was sent out in December 2004.
The usage for this is only on weekends so I have the remote user turning
off the Windows firewall when they are working and turn it back on
afterwards. The Linksys firewall is still in place so it isn't a severe
issue for a couple hours of work / connect time. The behavior is the same
without regard to the workstation used at the remote location and it only
happens at the remote site equipped with the BEFSX41. The mappings occur
very fast when the connection is invoked. With Windows Explorer open they
pop up pretty much instantaneously when the command file runs. The rasdial
string uses a domain username password as does the net use line entry with
the mappings set to no persistence.
The main site has a BEFSX41. The three sites connect and replicate the
domain on a schedule in the middle of the nite (seven days /365) and it
works OK. There are mappings used between the servers that sync some
database stuff and user data that hasn't been affected. That also occurs
in the middle of the nite during the period while replication is running.
That stuff occurs through the use of a command file that creates some
mappings and uses Xcopy to update only the chaged files. The amount of
data isn't very big, taking a max of 45 minutes across all three servers.
In short, the servers running VPN, replication and mappings are completely
unaffected. The site with BEFSR41 is completely unaffected. Only the XP
Pro workstations at the remote site with BEFSX41 can't map drives to
shares at the main site unless the XP Pro firewall is turned off. The
problem seems to have begun about the time the XP Pro firewall update was
sent out. The two sites (main and one remote) with BEFSX41 are both using
the latest current firmware on the routers.
Any ideas?
Thanks, John K
|
|
|
| Back to top |
|
|
Robert L [MS-MVP]
Guest
|
| Posted:
Sun Jan 09, 2005 9:20 pm Post subject:
Re: VPN WinXP Firewall |
|
|
what do you receive is using net view \\servername command?
--
For more and other information, go to http://www.ChicagoTech.net
Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"John K" <jkraus@allcompsyr.com> wrote in message
news:OHd$83j9EHA.4004@tk2msftngp13.phx.gbl...
| Quote: | I have a remote site using XP Pro workstations connecting with VPN and
mapping a couple of shares. Connects to a W2K3 server at the main site. It
had been working since it was set up about six months ago and all has been
fine. Never misses a beat and has always been very fast. All of a sudden it
stopped working. It connects OK but the name mappings (net use x:
\\xxxxx\xxxxx /USER:xxxx@xxxx.xxx xxxxxx /persistent:no) don't work.
The remote clients go thru a Linksys BEFSX41 at the remote site. Have
another site connecting into the same domain that uses a BEFSR41. It is
OK. There are three sites total, same domain, each with W2K3 DCs.
Come to find out, I turned off the Win XP firewall and now it works as
before. The problem seems to have begun when the Win XP firewall update
was sent out in December 2004.
The usage for this is only on weekends so I have the remote user turning
off the Windows firewall when they are working and turn it back on
afterwards. The Linksys firewall is still in place so it isn't a severe
issue for a couple hours of work / connect time. The behavior is the same
without regard to the workstation used at the remote location and it only
happens at the remote site equipped with the BEFSX41. The mappings occur
very fast when the connection is invoked. With Windows Explorer open they
pop up pretty much instantaneously when the command file runs. The rasdial
string uses a domain username password as does the net use line entry with
the mappings set to no persistence.
The main site has a BEFSX41. The three sites connect and replicate the
domain on a schedule in the middle of the nite (seven days /365) and it
works OK. There are mappings used between the servers that sync some
database stuff and user data that hasn't been affected. That also occurs
in the middle of the nite during the period while replication is running.
That stuff occurs through the use of a command file that creates some
mappings and uses Xcopy to update only the chaged files. The amount of
data isn't very big, taking a max of 45 minutes across all three servers.
In short, the servers running VPN, replication and mappings are completely
unaffected. The site with BEFSR41 is completely unaffected. Only the XP
Pro workstations at the remote site with BEFSX41 can't map drives to
shares at the main site unless the XP Pro firewall is turned off. The
problem seems to have begun about the time the XP Pro firewall update was
sent out. The two sites (main and one remote) with BEFSX41 are both using
the latest current firmware on the routers.
Any ideas?
Thanks, John K
|
|
|
| Back to top |
|
|
John K
Guest
|
| Posted:
Mon Jan 10, 2005 4:51 pm Post subject:
Re: VPN WinXP Firewall |
|
|
When using net view and the connection has the shares properly mapped
(Windows XP firewall 'OFF') it returns the shares on the server as expected.
When the Windows firewall is 'ON' the shares didn't map and net view
complains of network path not found. In any case it doesn't see the named
server with net view when Windows firewall is 'ON'. That in spite of the
fact that the rasdial command executed OK and gives the confirmation of the
connection on bottom right of XP Pro desktop. Pinging the FQDN of the server
replies but pinging just the servername gets no reply. I checked the links
you provided but there weren't any specific references to what I am seeing.
For whatever reason it seems as though the problem is related to an anomaly
between Windows firewall and the BEFSX41. Bear in mind an otherwise
identical configuration works on the other site with a BEFSR41. At my next
opportunity I am going to turn off the firewall on the BEFSX41 at the remote
site and check the result. I can't get over there for a couple of days. I'll
post back when I have some results.
Thanks, John K.
"Robert L [MS-MVP]" <noreply@hotmail.com> wrote in message
news:OAn9X7l9EHA.3700@tk2msftngp13.phx.gbl...
| Quote: | what do you receive is using net view \\servername command?
--
For more and other information, go to http://www.ChicagoTech.net
Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more
help.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis,
http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"John K" <jkraus@allcompsyr.com> wrote in message
news:OHd$83j9EHA.4004@tk2msftngp13.phx.gbl...
I have a remote site using XP Pro workstations connecting with VPN and
mapping a couple of shares. Connects to a W2K3 server at the main site. It
had been working since it was set up about six months ago and all has been
fine. Never misses a beat and has always been very fast. All of a sudden
it stopped working. It connects OK but the name mappings (net use x:
\\xxxxx\xxxxx /USER:xxxx@xxxx.xxx xxxxxx /persistent:no) don't work.
The remote clients go thru a Linksys BEFSX41 at the remote site. Have
another site connecting into the same domain that uses a BEFSR41. It is
OK. There are three sites total, same domain, each with W2K3 DCs.
Come to find out, I turned off the Win XP firewall and now it works as
before. The problem seems to have begun when the Win XP firewall update
was sent out in December 2004.
The usage for this is only on weekends so I have the remote user turning
off the Windows firewall when they are working and turn it back on
afterwards. The Linksys firewall is still in place so it isn't a severe
issue for a couple hours of work / connect time. The behavior is the same
without regard to the workstation used at the remote location and it only
happens at the remote site equipped with the BEFSX41. The mappings occur
very fast when the connection is invoked. With Windows Explorer open they
pop up pretty much instantaneously when the command file runs. The
rasdial string uses a domain username password as does the net use line
entry with the mappings set to no persistence.
The main site has a BEFSX41. The three sites connect and replicate the
domain on a schedule in the middle of the nite (seven days /365) and it
works OK. There are mappings used between the servers that sync some
database stuff and user data that hasn't been affected. That also occurs
in the middle of the nite during the period while replication is running.
That stuff occurs through the use of a command file that creates some
mappings and uses Xcopy to update only the chaged files. The amount of
data isn't very big, taking a max of 45 minutes across all three servers.
In short, the servers running VPN, replication and mappings are
completely unaffected. The site with BEFSR41 is completely unaffected.
Only the XP Pro workstations at the remote site with BEFSX41 can't map
drives to shares at the main site unless the XP Pro firewall is turned
off. The problem seems to have begun about the time the XP Pro firewall
update was sent out. The two sites (main and one remote) with BEFSX41 are
both using the latest current firmware on the routers.
Any ideas?
Thanks, John K
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in