Windows Vista clients cannot access network shares over a VPN or dial-up connection
You may find that although Windows Vista clients can successfully connect to a VPN or Dial-up RAS connection, access to shares on the internal LAN fails. You may have Windows XP clients connecting over RAS using the same remote access settings and they are able to reach the shares without any problem. The Vista machines can ping internal servers but cannot access shared resources on the servers.
This issue will be seen if port 139 is blocked or filtered on any intermediate network or firewall devices. Often network administrators will block access to the NetBIOS over TCP/IP (NetBT) session port 139 and allow access only to SMB Direct Host port 445. This will also occur if NetBT is disabled on the remote Windows Vista client. Due to a problem with the initial release of Windows Vista, RAS connections will only succeed on port 139.
SMB is the file sharing protocol used by Windows. By default it should try to connect on both legacy NetBT port 139 and SMB Direct Host port 445. The problem is seen because Vista RTM does not add the RAS adapter GUID for SMB to the lanmanserver, lanmanworkstation, and SMB registry keys. Because of this if NetBT port 139 is blocked, file sharing will fail over a RAS interface.
For SMB to work over a RAS interface, the interface GUID must be added to the following registry locations:
- HKLM\CurrentControlSet\Services\SMB\Linkage HKLM\CurrentControlSet\Services\lanmanworkstation\Linkage
- HKLM\CurrentControlSet\Services\lanmanserver\Linkage
To resolve this issue, see KB article 933468 - You cannot access SMB shares on a corporate network through a Remote Access Service (RAS) connection from a computer that is running Windows Vista
https://support.microsoft.com/default.aspx?scid=kb;EN-US;933468
You can submit an online request for a hotfix to apply, or use the steps provided in the article to bind the SMB protocol to the RAS interface. Alternately you can apply Service Pack 1 for Windows Vista.
Here are the download links to obtain Vista SP1:
KB935791 - How to obtain the latest Windows Vista service pack:
https://support.microsoft.com/kb/935791
Comments
Anonymous
May 01, 2008
KB article 933468 doesn't say anything about lanmanworkstation or lanmanserver, only about SMB; but it looks like Windows puts it in lanmanworkstation and lanmanserver after reboot. More importantly, both of my Vista SP1 machines cannot access shares over VPN. On the first machine: .Installed Vista RTM .Did the registry mod listed in 933468 .Was able to access shares over VPN. .Installed Vista SP1. .Was unable to access shares over VPN. On the second machine: .Installed Vista RTM .Installed Vista SP1. .Was unable to access shares over VPN. Any ideas?Anonymous
June 18, 2008
Paul Holm is correct. This problem is NOT fixed in Vista SP1. In fact, in SP1, the problem re-surfaces, and the workaround no longer works. This is on Vista Business x64 SP1 (6.0.6001), rasmans.dll is 308,224 bytes, and version 6.0.6001.18000, mod date 1/19/2008 12:03am.