Resolving Network Issues: You Might Not Have Permission To Use This Network Resource

I sometimes get error messages while I am working that have to do with network communications. The most recent was an Open Folder error: “\\ServerName is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Logon Failure: The target account name is incorrect.” In my case I actually got this message because the computer I was connecting to was not the one I wanted to connect to. Let me explain…

First a picture of the error message:

[Screenshot: the error message]

I actually have two different networks (actually many more, but let’s keep it simple). One network is my LOCAL network and one is my VPN (DirectAccess) CORP network. My local desktop name is Dan-HP. My local domain is baystate.loc. My CORP network is NA.CORP. My other domains are demo environments (Contoso, WoodgroveBank, etc.). When I try to access my local workstation from my laptop, I type in \\dan-hp and I get the above message. What is actually happening under the covers is that DirectAccess is forwarding (or intercepting and forwarding) the request onto the DirectAccess or VPN. The network thinks I am trying to connect to \\dan-hp.na.corp. In reality, I am trying to connect to \\dan-hp.baystate.loc.

To solve this problem, all I need to do is connect to the computer explicitly, giving the fully qualified domain name of the machine. This way the network request goes directly to the machine I want to connect to. In this case I go to \\dan-hp.baystate.loc and I am presented with a list of the shares on my dan-hp desktop.

So why does this happen? What if this happens and you are not using a VPN or multiple networks? Let me start with this: most of the time when there are networking issues, it is either a DNS issue or a local firewall issue. I would start by eliminating DNS as the problem. To do this, simply try to access the machine via its IP address. In my case that would look something like this: \\192.168.1.170. If that is successful, it is DEFINITELY a DNS issue. If you suspect a DNS issue, it is very easy to put a workaround in place. I posted an article on How To Resolve Connectivity Issues / Resolving Connectivity Issues a few months ago. Follow that article to see if it resolves the problem. Fixing DNS is a whole different discussion for another day, but I did give a couple of quick tips below. The next thing I would try is disabling the firewall on the destination machine. One of these two tips should help you resolve the issue.

A little more about what is happening under the covers…

[Screenshot: TCP/IPv4 Advanced DNS settings]

Computers speak over a network using IP addresses. People tend to understand or speak in “Real Names” (e.g. Dan-HP) when referring to a specific computer. Since computers only talk in numbers and people only talk in names, a translation between names and numbers must happen in order for communication to take place. When you type in a name, the computer will try to find the IP address of the computer you are looking for. It will try to “resolve” the name by looking in several places. This is called “Name Resolution”.

The first place it looks is c:\%system%\drivers\etc\hosts\hosts. This is a text file that allows you to create your own table to be used for resolution of an IP address. The next place it goes is your local cache, then the DNS server (Dynamic Name Service) indicated by your Primary or Secondary DNS server setting, which you can obtain from a command prompt by typing IPConfig /all. In the case of DirectAccess, it actually has a local cache of computers and redirections which are set up via Group Policy. I will be doing a video on the details of this soon and will try to remember to come back to this post and do a cross reference.

When the local computer does not have anything in the hosts file or in the local cache, it requests the address from the DNS server, but before it does that it actually changes the computer name on the fly. It changes it to a fully qualified domain name (assuming you have “Append these DNS suffixes (in order)” selected). It will try \\computername.domainName for each domain you have listed in the domain list. It will try them in the order they are presented on the DNS tab of the Advanced TCP/IP settings, under “Append these DNS suffixes (in order)”. You can change the order of the search using the up and down arrows in the Advanced TCP/IP settings.

To get to the dialog shown above, go to Control Panel – Network and Internet (skip this one if not in Category View) – Network and Sharing Center – Network Status and Tasks – Change Adapter Settings (left pane) – right-click Local Area Connection (or whatever your adapter is called) – select Properties – click Internet Protocol Version 4 (TCP/IPv4) – click Properties (button) – click Advanced (button) – click the DNS tab.
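An added example (not from the original post) that models the two checks described above: which fully qualified name the DNS suffix order actually selects for a short name, and whether a failure points at DNS or at a blocked port. The function names are hypothetical, the dan-hp.na.corp record and its address 10.20.30.40 are constructed for illustration, and TCP 445 is the SMB port behind \\server access.

```python
import socket

def candidates(name, suffixes):
    """Names tried for `name`: short names get each suffix, in list order."""
    if "." in name:                      # simplification: dotted names are used as typed
        return [name]
    return [f"{name}.{s}" for s in suffixes]

def resolve_all(name, suffixes, lookup):
    """Every (fqdn, ip) that resolves; `lookup(fqdn)` returns an IP or None."""
    pairs = ((fqdn, lookup(fqdn.lower())) for fqdn in candidates(name, suffixes))
    return [(fqdn, ip) for fqdn, ip in pairs if ip]

def triage(name, expected_ip, suffixes, lookup, probe):
    """Classify a failed connection to `name`; `probe(ip)` tests TCP 445."""
    hits = resolve_all(name, suffixes, lookup)
    if not hits:
        return "dns: name does not resolve under any suffix"
    fqdn, ip = hits[0]                   # first match wins, as in the suffix list
    if ip != expected_ip:
        others = [f for f, i in hits if i == expected_ip]
        hint = f"; use {others[0]}" if others else ""
        return f"dns: {name} resolved as {fqdn} ({ip}), not {expected_ip}{hint}"
    if not probe(ip):
        return f"firewall: {fqdn} resolves correctly but TCP 445 is unreachable"
    return f"ok: {fqdn} resolves to {ip} and answers on TCP 445"

def system_lookup(fqdn):
    """Live resolver for real use (not exercised by the sample run below)."""
    try:
        return socket.gethostbyname(fqdn)
    except OSError:
        return None

def smb_probe(ip, timeout=2.0):
    """Live check that the SMB port accepts a TCP connection."""
    try:
        with socket.create_connection((ip, 445), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed records modelling the post: the same short name exists in both domains.
RECORDS = {"dan-hp.na.corp": "10.20.30.40", "dan-hp.baystate.loc": "192.168.1.170"}

if __name__ == "__main__":
    print(triage("dan-hp", "192.168.1.170", ["na.corp", "baystate.loc"],
                 RECORDS.get, lambda ip: True))
```

Pass `system_lookup` and `smb_probe` in place of `RECORDS.get` and the lambda to run the same triage against a live network, which tests the port without turning the destination firewall off.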

The “Register this connection’s addresses in DNS” option reports your IP address to your DNS server to speed up and guarantee the process of finding your local computer should someone be looking for it. If this is not selected and there is no host record in DNS for the computer you are trying to connect to, the resolution will likely fail. If DNS fails, try going to the machine that you cannot resolve and make sure “Register this connection’s addresses in DNS” is turned on, or go into your DNS server and add a host record for that machine.

Hopefully this helps you resolve your issue and understand a bit more about TCP/IP and DNS.