Domain Users Unable to Access Network Shares Using VPN

Peter_Gibbons 61 Reputation points
2021-01-14T18:45:48.82+00:00

Recently, VPN users on Windows devices are unable to access their network shares when connecting to our private network through an L2TP/IPsec connection. Users receive the following error messages when they attempt to access their shares.

  1. "The system cannot contact a Domain Controller to service the authentication request. Please try again later."

But more frequently and more commonly.

  1. "An error occurred while reconnecting to mounted drive path Microsoft Windows Network: The local device name is already in use. This connection has not been restored."

Have deleted and readded test devices to the domain--does not fix.

Have disabled local Windows Defender Firewall--does not fix

Have deleted and remounted the share paths at various levels in various sequences--does not fix.

No settings were adjusted on the DC, the firewall, or the network share before the issue started to occur (I think).

Oddly enough, the same network shares are available using the SAME VPN connection on a MacBook Air (smb:).

Windows Devices are running up to date versions of Windows 10

Network Shares are hosted on Server 2012.

Any suggestions would be greatly appreciated!!

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing

Accepted answer
  1. Anonymous
    2021-01-15T17:34:58.797+00:00

    I guess I misunderstood you. I thought RDP had to be enabled locally to enable the NLA setting

    Ok, no, not sure how you got that.

    The shares that mount through GPO are still not accessible on the VPN. The shares must be mounted manually.

    Could be the timing of applying GP before VPN is established, but just a guess. I'd suggest starting a new thread about this new development here in dedicated forums.
    https://learn.microsoft.com/en-us/answers/topics/windows-group-policy.html

    --please don't forget to Accept as answer if the reply is helpful--


11 additional answers

  1. Anonymous
    2021-01-14T19:27:13.777+00:00

    I'd check the VPN is set up to use default gateway on remote network. Also check the VPN connection properties get the correct DNS server addresses.

    --please don't forget to Accept as answer if the reply is helpful--


  2. Peter_Gibbons 61 Reputation points
    2021-01-14T21:41:29.913+00:00

    DSPatrick

    Thank you so much for providing those suggestions. So I inspected both settings. use default gateway on remote network is enabled. I also added the addresses for our DNS servers as you suggested.

    Connected to the VPN on my test device and ran an ipconfig. The device gets the proper DNS servers but does not get the default gateway's address. 0.0.0.0 is what appears next to default gateway.

    Thanks for any additional thoughts!


  3. Anonymous
    2021-01-14T22:08:53.783+00:00

    I think that sounds correct. If the box is unchecked then the gateway appears blank, when checked it appears as 0.0.0.0. I'd also check that the VPN connection got the domain network profile.

    When NLA starts to detect the network location, the machine will contact a domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports) and we cannot change the network location profile.
    If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.

    --please don't forget to Accept as answer if the reply is helpful--


  4. Gloria Gu 3,936 Reputation points
    2021-01-15T02:41:11.543+00:00

    Hi,

    Thank you for posting in Q&A!

    May I ask whether you access the network share by \\IP\sharedfolder or \\hostname\sharedfolder? Can you nslookup the hostname and IP successfully from the client?

    Firstly, please Enable File and Printer Sharing in Windows Defender Firewall.


    If you can access via IP, but not by hostname, it seems to be a name resolution issue. Please try to add the server's hostname and IP address to the c:\windows\system32\drivers\etc\hosts file.

    Then you can Remap the Network Drive by command. Microsoft recommends users to remap the Network drive if they encounter the “The local device name is already in use” error.

    net use * /delete
    net use Z: \\server\share /user:username password

    Hope you have a nice day : )
    Gloria


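The checks suggested in the answers above (gateway and DNS settings on the VPN connection, the NLA network profile and LDAP port 389 to a domain controller, and share access by name versus by IP) can be collected in one pass. The script below is an added example, not code posted by anyone in this thread; the VPN name, domain, server name and IP address are placeholders, and it assumes the built-in Windows VPN client, where the interface alias matches the connection name.

```powershell
# Added diagnostic sketch; every default value in param() is a placeholder.
param(
    [string]$VpnName      = 'Corp VPN',          # placeholder: VPN connection name
    [string]$DomainFqdn   = 'corp.example.com',  # placeholder: AD DNS domain
    [string]$FileServer   = 'fileserver01',      # placeholder: share host name
    [string]$FileServerIp = '192.0.2.10'         # placeholder: share host IP
)

function Test-Port([string]$Target, [int]$Port) {
    # Quiet TCP connect test; returns $true or $false.
    (Test-NetConnection -ComputerName $Target -Port $Port `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

$results = [ordered]@{}

# 1. "Use default gateway on remote network" and the DNS servers handed to the VPN.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop
$results['VPN status'] = $vpn.ConnectionStatus
$results['Split tunneling (False = remote gateway in use)'] = $vpn.SplitTunneling
$results['DNS servers on VPN interface'] =
    (Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4).ServerAddresses -join ', '

# 2. Profile NLA assigned: DomainAuthenticated means a DC was reached.
$netProfile = Get-NetConnectionProfile -InterfaceAlias $VpnName -ErrorAction SilentlyContinue
$results['Network category'] = if ($netProfile) { $netProfile.NetworkCategory } else { 'no profile found' }

# 3. Locate DCs through the DNS SRV record, then test LDAP (389) to each.
$dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } | ForEach-Object NameTarget | Sort-Object -Unique)
$results['DCs from DNS SRV'] = if ($dcs) { $dcs -join ', ' } else { 'none resolved' }
foreach ($dc in $dcs) { $results["LDAP 389 -> $dc"] = Test-Port $dc 389 }

# 4. Name resolution versus raw connectivity to the file server (SMB, 445).
$results["DNS resolves $FileServer"] =
    [bool](Resolve-DnsName -Name $FileServer -ErrorAction SilentlyContinue)
$results['SMB 445 by name'] = Test-Port $FileServer 445
$results['SMB 445 by IP']   = Test-Port $FileServerIp 445

$results.GetEnumerator() | Format-Table -AutoSize Key, Value
```

If SMB succeeds by IP but not by name, look at DNS on the VPN interface; if no DC answers on 389, the connection will not get the DomainAuthenticated profile.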
