VPN prevents access to local subnet
Why after I connect a VPN from Win 7 64bit to a remote server is it no longer possible to access any shares on others PCs on my local subnet. This always works in XP but in W7 as soon as I open a VPN my local subnet resources become inaccessible. My home folder starts asking for login credentials for the remote network when I try to open a folder within the already open H:\ drive.
May 18th, 2011 3:12am

Hi, Thanks for posting in Microsoft TechNet Forum. This usually happens when the subnet at the remote location is the same as the local subnet. Based on the Use default gateway on remote network setting, one of the following occurs when the VPN connection is active: · When the Use default gateway on remote network check box is cleared, Internet locations are reachable and intranet locations are not reachable, except for those matching the network ID of the Internet address class of the assigned IP address. · When the Use default gateway on remote network check box is selected (the default setting), all intranet locations are reachable and Internet locations are not reachable, except for the address of the VPN server and locations available through other routes. For most Internet-connected VPN clients, this behavior does not represent a problem because they are typically engaged in either intranet or Internet communication, but not both. Regarding the issue, you could try the methods in the following article and see if it works: You Cannot Connect to the Internet After You Connect to a VPN Server Hope it helps. Alex Zhao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
May 18th, 2011 12:57pm

Thanks for the reply. I do not think this is an IP issue. Last night I started collecting evidence only to find that the local drive was accessible. This morning it is failing again. What I notice now though is although the first part of the error says the network location is unavailable it is also indicating that it is a logon failure that is making the location unavailable not an IP issue. So I am logged in to W7 with a domain account DJMILLS\DMILLS and everything is working fine. Then I open a VPN connection to work and from then on if I try to access a folder in my H:\ drive I get a Logon Failure unknown username or password. When I tried to access a DFS root it prompts me for a passwork but using the login ID that I have used to open the VPN connection.
May 19th, 2011 9:09am

I notice that as soon as I open the VPN then NSLOOKUP defaults to the DNS server at work instead of the home DNS server. I guess there is an authentification being directed to the DNS servers at work when I try to access local network shares and it is failing (as it should) but how do I set this up so that my local domain login continues to be used instead of trying to authenticate to the DCs at work.
Free Windows Admin Tool Kit Click here and download it now
May 19th, 2011 9:17am

After some more testing and Google'ing it seems that this is a common issue. If I supply alternate login details for my AD domain it all worksa until I logoff and then the problem starts again. This is not a great situation and not many non suport staff will run into it I guess. I would like to understand why this is happening and to learn how to avoid the problem. I just do not look forward to explaining to my users that the reason they cannot access local network reesources is because although it worked fine in XP Microsoft decided to improve the product so it would not longer work.
May 20th, 2011 12:48am

Hi, thanks for update. Just for a test, try the following steps to check what the result is: 1. Locate the .pbk file. This file should be in C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk 2. Open the file in Notepad. 3. Locate the following entry: UseRasCredentials=1 4. Modify the entry to the following: UseRasCredentials=0 5. On the File menu, click Save, and the click Exit. Alex Zhao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2011 9:33am

I found some suggestion via Google and ended up changing my mapped drives and shortcuts to FQDN names instead of Netbios/hostname format. I was then prompted for credentials on trying to access \\djmills.co.uk\storage (my DFS root) and since then have not needed to enter credential and have full access. I cannot tell if you suggestion is doing anything sine so far it is all working. However this still feels uncomfortablely like a bug with a work around, either mine or yours. I dread having to support this as I do not understand why either workaround works and so I am not confident it will continue to work. I I don't understand this the average end user wil just have glazed over eyes. I will be back in this thread if it all stops working later. It should not be this hard to understand nor require such obscure fixes.
May 20th, 2011 11:53pm

Well the issue has returned. I have tried changing the Pbk ini file (although it is in a filder called _hiddenPbk) With the original UseRasCredentials=1 I cannot access local Lan shares and with it set to 0 I cannot access remote network shares.So no solution here although a little more understanding. In either case I get prompted for a user login and need to use whichever account is appropiate. Still a crap situation.
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2011 2:32am

Hi Dave, Based on my experience the issue may be caused by improper route table. Therefore, please try the action plan below. 1. Right click your VPN connection icon in “network connections” and select properties. 2. Switch to “networking” tab and modify properties of “internet protocol verison 4 (TCP/IPV4)” 3. Click “advanced..” button and uncheck “use default gateway on remote network”. 4. Redial your VPN connection. If the action plan doesn’t work, then please run the two commands below on your client after you established the VPN connection. Ipconfig /all > c:\ipconfig.txt Route print > c:\routeprint.txt Then attach the contents of the two files to us.
May 24th, 2011 11:32am

Sorry for the delay in getting back I just got back from a sailing week. I will give your idea a try but with XP "use Default Gatway on remote network" was OK unless you wanted to surf the net while connected. It also had the effect of breaking connections to the remote network in many cases. I guess ipconfig and route print for the two cases may help show the cause. I won't be able to access the system until Thursday though due to other work.
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 11:39pm

Hi Dave, how thing going on your side? would you mind send me a update of the issue? thanks for your time in advance.
June 10th, 2011 12:06pm

The problem still exists but after I changed to FGDN names I get prompted for a logon but it is then remembered and I can access the local resources. It has asked twice now but I have not noticed what the trigger is. I think it may forget the login at a reboot or logoff but this is my home system so logoff is quite rare.
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2011 8:29am

It has just happened again. This time I cannot even provide credentials that work. I have a DFS root and after I open a VPN to work I cannot access the path \\djmills.co.uk\storage. It simply prompts for a user account and the default is the account used for the VPN. Even if I change the login to my local domain it will not authenticate the login so access fails. I have the feeling this is all happening because the authentification is being directed to the works DCs and thus failing. That is I cannot access \\djmills\storage because the VPN credentials do not work and I cannot authenticate with local credentials because the DC beiing used is at work (down the VPN). I just don't know how trouble shoot this.
June 23rd, 2011 9:00am

Hi Dave, I agreed with you it might be an authentication issue. Troubleshoot process might be complex. But I could give some tips here. 1. Verify if you can access one of the DFS servers with its UNC path instead of DFS path. 2. Check DCs and vpn server, you may find relevant events in them. 3. Reproduce the issue and gather netmon trace. It will help you find more detailed information. Besides, your question falls into the paid support category which requires a more in-depth level of support. Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2011 12:37pm

Thanks, Will try some of you suggestions. Off on vacation for a week now though so I will not be doing anything for a bit.
June 24th, 2011 9:23pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics