Cannot Access DFS Share Over VPN
Hello, One of my clients have Windows 7 Pro based laptops that they use to access the company network via PPTP VPN connections. The VPN connections are provided by a Draytek 2820 router. The laptops are a mix of x86 and x64 architectures. The issue is that when connected to the VPN the users cannot access drives mapped to DFS shares. When attempting to access a DFS share the users receive a "The user name could not be found" message. The users can connect to shared folders on the servers by using \\server\share. The issue is caused by the Credential Manager that shows "*Session" when the VPN connection is active. If these credentials are manually removed from the Credential Manager then the user can access DFS shares no problem. However, the credentials re-appear on the next connection. I know that some people have worked around this issue by editing the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds registry key, however, this client uses the BPOS suite and it seems that the Sign In Tool depends heavily on the credential manager. Setting this registry key stops the sign in tool working. It seems that this is a fairly common problem that was introduced in Vista and still exists in Win 7. Can anyone suggest a fix/workaround that won't have a negative impact on the BPOS sign in tool? Thanks, David
May 19th, 2011 3:34pm
Hi Sabrina, Thanks very much for your response. However, the VPN user names are not the same as the domain user names so your reasoning isn't quite right and option 2 won't help. The modification of the .pbk file you mention sounds like a probable workaround - I'll give that a go. Regards, David
May 20th, 2011 3:16am
Hello again, Modifying the UseRasCredentials value has done the trick. Is there any way I can apply this setting via group policy rather than modifying each computer manually? Thanks, David
May 20th, 2011 6:12am
Hi David, Thank you for your post. I think we cannot use the group policy to achieve this. I will report this issue to our related department. Thank you for your effort. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 22nd, 2011 11:52pm
Hello, Sabrina We have same problem, VPN users with Windows Vista & 7 cannot access DFS resources. modifying of *.pbk files don't give us any result. \\DFS-share shows namespaces, but not all. Direct links like \\file-server\backups$ are permited, but DFS links are invisible or denided
July 26th, 2011 9:21am
The problem was solved. 1. PPTP adapter must have DNS suffixes in DNS Search List 2. PPTP connection use userPrincipalName (example email@example.com (not domain.local\user), necessarily FQDN)
May 11th, 2012 7:19am
Hi All, We have the same problem and none of the above has resolved the problem. When users on on XP Pro laptop connect to VPN they are able to access network drives that are not replicated. We are able to see the root and folder structure but when you click on the folder or mapped drive you get an error " You might not have permission to use the network resource"
August 24th, 2012 11:57am
Hi All, As a test we edited the local host file by adding the static IP for the DFS server. Connections over VPN to DFS shares now work, issue is DNS.
November 19th, 2012 11:50am