On-demand GlobalProtect and Mapped drives

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

On-demand GlobalProtect and Mapped drives

L3 Networker

Hello all ,

 

Having issues with some users where they have mapped drives but after they connect to global protect they don't work.

 

If they unmap and they map again it works .

When doesn't work after connecting to globalprotect if they ping the IP of the server that they have the mapped drive it works but SMB it doesn't .

 

 

We have on-demand globalprotect, SSO disabled of course and we allow netbios, SMB and I don't see any blocked traffic.

I have tried to search that and I don't want to say to the customer to fix that with scripts net use because all users are using their own shared folders.

 

 

12 REPLIES 12

Cyber Elite
Cyber Elite

@GeorgiosFakis,

What version of Windows are they using? Does the drive show as disconnected and simply won't connect, or does it simply hang when they try to access the drive? If the user restarts explorer.exe after they connect to GlobalProtect can they access the drive? 

 

I'd also ensure that the group policy you are using to map these drives is set to Update instead of Replace. There was an instance a while back where the Group Policy updating in the background with a Replace action would cause the drive mapping to be lost like you are describing here. 

Hi ,

 

Users most of them have Windows 10 and they show disconnected .We have not tried to restart this service but what we have tried to access through run command \\shareX\ .

 

We don't have standard mapped drives, each user adds their own for their work.

@GeorgiosFakis,

When someone runs into this again, try restarting explorer.exe and see if you are able to access the mapped drive again. 

Hi,

 

We tried with one user and didn't work but you know what they say? Pulse Secure was not causing that issues .

 

I have isolated the issue to specific shared folders. All common shared folders they are connected after user connect to global protect.I have asked the server team to check as well these specific shared folders and from what it seems is the sync between host and AD.

I am having the exact same issue but mine is "well Sonic Firewall works". Makes it hard to sell a new VPN solution to management when things like this don't work.
“You never fail until you stop trying.”
― Albert Einstein

So I want to share that I believe we have found the solution for mapping our personal drives without having to have the pre-logon. I had one of my admins create a .vbs file that will pull the home drive mapping info from AD. then we added a registry key into the install package to point to the .vbs file to execute this post-vpn-connect. https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/set-up-the-globalprotect-inf...
“You never fail until you stop trying.”
― Albert Einstein

L0 Member

Hi George - did you ever resolve this? Same problem over here. 

 

Hi ,

 

We found around 100 users having this issue where mapped drives had their COMPUTER name like alias and linked to one of the servers for personal host space . Basically , helpdesk instructed them how to change that so the mapped drive have a normal path .

 

I don't know how it was working before with Juniper Pulse but with GP we had issues. All the other mapped drives that was from the AD policy were ok after connecting to GP .

L0 Member

Having the same issue here with PanOS 9.1.5 and GP 5.2.2.

 

We are replacing a Sophos firewall and this just worked before it's hard to sell a PAN solution with this kind of issues.

@Jason.Holcomb would you mind posting the content of that .vbs-file, or at least describe what you meant with "that will pull the home drive mapping info from AD".

 

I think we might need to do something similar.

We have file called Map_Home_Drive.vbs which is installed on all the machines that the registry points to. In AD we have the home drive mapped (I am not the AD admin so I am not sure which field they populated but I know the drive is mapped in there)

 

'--- START

DIM strHomeDrive, strRemoteShare

SET objFileSys = CreateObject( "Scripting.FileSystemObject" )
SET objNetwork = CreateObject( "WScript.Network" )

'--- Wait a short time to connect to the network
WScript.Sleep( 15000 )

'--- Get Active Directory information
SET objSysInfo = CreateObject( "ADSystemInfo" )
SET objUser = GetObject( "LDAP://" & objSysInfo.UserName )

strHomeDrive = objUser.HomeDrive
strHomeShare = objUser.HomeDirectory

WScript.Echo vbCrLf
WSCript.Echo Now()
WScript.Echo "strHomeDrive: " & strHomeDrive
WScript.Echo "strHomeShare: " & strHomeShare
WScript.Echo vbCrLf

'--- Is strHomeDrive already mapped?
If objFileSys.FolderExists( strHomeDrive ) Then

WScript.Echo vbCrLf
WScript.Echo strHomeDrive & " is already mapped - DONE"

Else

LoopCounter = 1
LoopTotal = 5
bolHomeShareMapped = FALSE

Do While LoopCounter <= LoopTotal

WScript.Echo vbCrLf
WScript.Echo "Mapping home share - attempt " & LoopCounter & " of " & LoopTotal

'--- Check for home share
If objFileSys.FolderExists( strHomeShare ) Then

WScript.Echo "Home share found..."

'--- Map home share if it can be seen
WScript.Echo "Mapping to home share..."
objNetwork.MapNetworkDrive strHomeDrive, strHomeShare, False

'--- Verify home share is mapped
WScript.Sleep( 5000 )

If objFileSys.FolderExists( strHomeDrive ) Then

WScript.Echo "Home share mapped..."
bolHomeShareMapped = TRUE
Exit Do

End If

Else

WScript.Echo "Home share not found...waiting"
WScript.Sleep( 5000 )

End If

LoopCounter = LoopCounter + 1

Loop

'--- Report home share status
If bolHomeShareMapped Then
WScript.Echo "Home share mapped"
Else
WScript.Echo "Home share not mapped"
End If

End If

'--- END

“You never fail until you stop trying.”
― Albert Einstein

L2 Linker

Hi George.

Did you get this resolved please? I'm having the same issue.

  • 15275 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!