Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, August 27, 2018 8:03 PM
We seem to be having some strange issue where our users who have Windows 8 and 10 (majority have Windows 10 now) cannot access the file share when connected to our Cisco AnyConnect VPN. All shares are accessible from the same computer when connected to our internal network - it is just when connected to the VPN that the shares are not accessible. The odd things is that all Windows 7 computers can connect to the file share internally and while connected to the VPN offsite.
The server's Windows firewall is set to allow our internal network subnets as well as the VPN network subnet.
Here is what is working:
- All computers can connect to the file share when connected to the internal network
- All Windows 7 computers accessing SMB connected via VPN as well as when connected to the internal network
- All computers can RDP to the file server when connected to VPN (when allowed during testing)
Here is what is not working:
- Windows 8 and Windows 10 computers accessing SMB connected via VPN
When a Windows 10 computer tries to connect to the file share while connected to VPN, the file share does have a firewall log entry that shows that computer is reaching the server. However the Windows 8 or 10 client computer responds saying "Cannot Access \server". When I click Diagnose it says "The device or resource is not setup to accept connection on port 'The File and Printer Sharing (SMB)' " - but that port is allowed and Windows 7 computers connect just fine.
DNS also seems to be fine as trying to access the server with \server, \server.domain, and \IPAddress all do not work when connected to the VPN and again Windows 7 computers connect to the file share through the VPN by just typing \server.
We would be very grateful if anyone could point us in the right direction. Thank you very much!
All replies (5)
Wednesday, September 12, 2018 7:35 AM
Hi,
According to your description, I suggest that you check your windows 10’s version first.
If you are using Windows 10 1709 and later versions, please open command prompt and print Get-WindowsOptionalFeature to detect if SMB v1.0 is enable.
If it is not enable, open the command prompt and print Enable-WindowsOptionalFeature -Online -FeatureName "Hearts" -All to enable SMB v1.0.
If SMB is enable, it might be a VPN limitation. Please turn to the Cisco support for more professional support.
Hope these are helpful.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, September 12, 2018 7:35 AM
Hi,
Has your issue been resolved?
If yes, would you like to share your solution in order that other community members could find the helpful reply quickly.
If no, please reply and tell us the current situation in order to provide further help.
Best
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, September 24, 2018 6:11 PM
Thanks very much for the suggestions. It unfortunately has not been solved yet. We had already thought about SMBv1. A Windows 10 1703 laptop (that didn't get the SMBv1 disable update) is not able to connect to the file share. We had also tried enabling and disabling SMBv1 on the 1803 test computers and they all could not connect to the file share when connected to the VPN. What doesn't make sense is that all those same computers can connect to the file share just fine when connected to the Internal Network. So that is leading us to think it might not be an SMBv1 issue????
We are trying to work with the VPN team again now to see if it might be something there.
Thanks very much for your help!
Wednesday, November 21, 2018 2:40 PM
Hi did you ever get a resolve on this particular issue?
I'm jumping through the same hoops at the moment. Can connect to share(s) on network but not via VPN.
One share I can connect to whilst the VPN is connected.
Any advice if you found a resolve would be much appreciated.
Running a get-smbconnection I can see the working share has a dialect of 3.0 the non-working share uses a dialect of 2.1
Win10 build is 1607.14393.2189
Wednesday, January 2, 2019 1:30 PM
I found this post today as I'm experiencing a similar issue. IKEv2/IPSEC VPN using the Windows 10 native VPN client, rather than Cisco Anyconnect, but other aspects the same;
Windows 10 Client cannot access an SMB network share over the VPN,
But, I can ping the host, by name or IP. I can RDP to the host.
I can even unmount and remount the share and explorer is showing me the correct free remaining space on the device - like it's partially working. But double clicking the drive in explorer causes it to hang then time out, reporting it's not accessible. Similarly in powershell/cmd I can change to that drive, but typing dir causes the same hang.
However, I've also sort-of-proved (?) this isn't a windows issue (at least not exclusively), because connected to a different internet connection (4G/HSDPA modem instead of Public Wifi) and using the same VPN - it all works properly.
Which just leaves me wondering, how and what are the WiFi operating doing that prevents only some protocols working over a VPN connection? Is the VPN data being somehow decrypted and filtered? Or am I way too paranoid.
It's more likely that it's an unintentional combination of factors but what exactly, I've no idea.