Hey everyone,
This is an incredibly strange situation, and I am not a network guru or a Windows Server 2003 guru, so I'm unsure of where to focus my troubleshooting efforts, or if I should get Microsoft involvement.
We have three sites and a hosting facility where all of our central servers are located. Let's call the sites A, B, and C. A, B, and the hosting facility are all on the same WAN. You can login to the domain, access domain network resources (file shares) and everything is good. Site 'C' is not connected to the WAN, but they have domain user accounts and computers that have previously been logged into the domain while the users were on site. They login with their "cached" domain accounts perfectly fine. Then they connect to the VPN with the same domain accounts. They are connected, because the VPN connection says so, and they are able to ping network resources by name and by IP address. They cannot access network shares. Running "net view \\SERVERNAME" gives an Access Denied message, even though the user should have rights to read/write. For example, if SERVERNAME was the name of one of our domain controllers, they should at the very least see the sysvol and netlogon shares, but they are unable to do so. They receive the Access Denied message.
To further complicate matters, this all works fine from everywhere other than Site 'C'. If they take their laptops home, they can connect fine with no issues.
Now here comes the strange part that I cannot explain: If I setup a WebEx to try to troubleshoot this issue remotely, it works fine every single time. I've verified that it's not an end user error because I had the user type the command "net view \\SERVERNAME" in the command prompt before I setup the WebEx, get the error and leave it on the screen. After I connected to WebEx, I saw the command they typed, saw the error and typed the command again but I see the listed shares fine. This happens every single time, and it makes it incredibly difficult for me to troubleshoot the issue if I cannot even see the error first hand.
In two months, they will be relocated to a different location that will be a part of our WAN, and our hope is that this same issue will not exist there. We have about 50 users who access our resources using VPN every single day, and we have never had an issue other than issues with the users at site 'C'.
Has anyone seen a similar issue, or have any ideas for troubleshooting steps so that I can test to narrow down the problem?
I apologize in advance for any terminology that I may be using incorrectly. If you need clarification on anything, just let me know. Thanks!
This is an incredibly strange situation, and I am not a network guru or a Windows Server 2003 guru, so I'm unsure of where to focus my troubleshooting efforts, or if I should get Microsoft involvement.
We have three sites and a hosting facility where all of our central servers are located. Let's call the sites A, B, and C. A, B, and the hosting facility are all on the same WAN. You can login to the domain, access domain network resources (file shares) and everything is good. Site 'C' is not connected to the WAN, but they have domain user accounts and computers that have previously been logged into the domain while the users were on site. They login with their "cached" domain accounts perfectly fine. Then they connect to the VPN with the same domain accounts. They are connected, because the VPN connection says so, and they are able to ping network resources by name and by IP address. They cannot access network shares. Running "net view \\SERVERNAME" gives an Access Denied message, even though the user should have rights to read/write. For example, if SERVERNAME was the name of one of our domain controllers, they should at the very least see the sysvol and netlogon shares, but they are unable to do so. They receive the Access Denied message.
To further complicate matters, this all works fine from everywhere other than Site 'C'. If they take their laptops home, they can connect fine with no issues.
Now here comes the strange part that I cannot explain: If I setup a WebEx to try to troubleshoot this issue remotely, it works fine every single time. I've verified that it's not an end user error because I had the user type the command "net view \\SERVERNAME" in the command prompt before I setup the WebEx, get the error and leave it on the screen. After I connected to WebEx, I saw the command they typed, saw the error and typed the command again but I see the listed shares fine. This happens every single time, and it makes it incredibly difficult for me to troubleshoot the issue if I cannot even see the error first hand.
In two months, they will be relocated to a different location that will be a part of our WAN, and our hope is that this same issue will not exist there. We have about 50 users who access our resources using VPN every single day, and we have never had an issue other than issues with the users at site 'C'.
Has anyone seen a similar issue, or have any ideas for troubleshooting steps so that I can test to narrow down the problem?
I apologize in advance for any terminology that I may be using incorrectly. If you need clarification on anything, just let me know. Thanks!