Hosted Application over VPN (Microsoft SBS 2003)

We are hosting an application for a remote client.  Right now the clients VPN in through Microsoft SBS 2003 and attempt to access the application running on the same server.  We have two significant issues:

1) The application we're running has a proprietary database, and a client/server configuration.  When the users VPN into the network and open their application client they need to first associate their client with the server side database.  Unfortunately when they try this (by IP or by server name) they cannot find the server.

We tried some preliminary testing... When the WAN users VPN into the network they can see their own local domain through My Network Places but cannot see the remote domain we've set up for them.  They can ping the remote domain, and if they enter the server in the address bar (i.e. \\remoteserver) they can access the server.

2) We have very poor performance over the WAN.  Both sides have Dual T1 lines, and we have monitored the server and run the application locally to address any hardware issues (i.e. CPU, RAM, etc.).  I suspect that there is some kind of DNS / WINS replication issue; however, I believe that if they VPN into our network they should be receiving the correct IP Config from the remote domain... right?

Obviously there are no easy answers here, and this response is going to take some attention from experienced EE members.  Because of this, I'm assigning this question 500 points.

Tim Holman Commented:
1)  Make sure DNS is set up properly on the client, so that name resolution works and network neighborhood is populated
2)  Some VPN clients / servers will handle fragments OK, some will be pretty disastrous.  For any remote client behind dial-up or ADSL, MTU tweaking should always be considered, especially with older operating systems and applications.

Could you clarify point 1 - you say that users cannot find the server by IP or server name, but then if they enter the server in the address bar they can see it ??
JABevan (Author) Commented:
Additional info:  The clients ARE on a separate local domain from the remote domain we have setup.
lrmoore Commented:
Have them try adding a LMHOSTS file to their workstation - just for initial testing.
Only need one entry, that of the server:
Change IP address, server name as appropriate <tab>  SERVERNAME  <tab>   #PRE   <tab>  #DOM:yourdomain

Refresh the client's netbios name table:
  C:\>nbtstat -R

If this works, you can create a login script that will copy this to their LMHOSTS files when they login.

Else, you may need to have a domain trust relationship set up between the domains, and share WINS/DNS information through replication partnerships.
JABevan (Author) Commented:
lrmoore - Thanks for your response.  It looks like the LMHOSTS file did the trick for getting us connected; however, we are still having severe connection issues.  The data we're transferring is very minor.  

For example, if we take one of our own laptops home and remote into the application we can run benchmark reports in about 90 seconds.  If our clients log in it takes them over 8 minutes to run the same reports.

tim_holman - Thanks for your response.  Our clients are on their own domain so we can't mess with their DNS too much.  However, when they VPN into our environment they are receiving all the correct DNS and WINS entries from the remote domain we've set up for them.

Also, all traffic is going through T1 lines.

On point 1, the client cannot find the server by IP or server name through the application.  In My Network Neighborhood they cannot see the servers, but if they enter the server name in the address bar it pops up right away.  We did take lrmoore's advice and edit the LMHOSTS file, we also did WINS replication between their domain and the remote domain we've set up for them.  That resolved the connection issue, but we're still having very very poor performance.  This is critical, and I'm still leaning towards some kind of translation issue somewhere but am not sure....

Any ideas would be great.  Thanks.
Tim Holman Commented:
LMHOSTS shouldn't be necessary if WINS is working properly, and the remote clients can see the WINS server.  
Maybe there is some incorrect information in WINS if you're finding LMHOSTS solves the issue ?

I would definitely optimize your MTU size (don't ignore this - I've seen lower MTU settings work miracles before in exactly the same scenario!).

Also, the fact that it works via a browser, but not directly, indicates that perhaps a proxy server is referenced in IE config that is pulling down the page and resolving the host name on behalf of the client ?  Can you verify this ?

If performance is an issue, maybe the T1 link is full of unwanted traffic - is this filtered ?  Do you think a worm may be present ?

A trace may help get this resolved quickly - install it on the client, and see what the hold up is.

1)  Go to
2)  Under Windows 98/ME/2000/XP/2003 Installers, select a site near you
3)  Download WinPcap_3_0.exe and ethereal-setup-0.10.4.exe
4)  Install WinPcap_3_0 - double click on the WinPcap_3_0.exe file, just click OK / Yes throughout
5)  Install ethereal-setup-0.10.4 - double click on the file, accept all the defaults (OK / Yes throughout)
6)  Start the Ethereal application
7)  Go to Capture > Start
8)  Under Interface, select your Internet facing interface.  If you're unsure, then select one, and continue.  If it displays results, then you've got the right interface, if your capture is empty, then select another interface and carry on...
9)  Under Capture Files, put \capture.cap
10)  Click OK
11)  Capturing will commence....
12)  Capture what you need to
13) Go back to Ethereal, click Stop
14)  Analyse the c:\capture.cap file, or send it to me -
Tim Holman Commented:
Also, spring cleaning your remote client of malware may mediate things -

Getting rid of malware...

1)  Run a full Stinger scan in Safe Mode -
2)  Install and run LavaSoft AdAware -
3)  Download and run latest version of HijackThis (HJT)
4)  Post the log at
5)  Run MBSA - & take appropriate patching action

Preventing malware...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended. and are good free ones...
Also, check this link for some free, limited-time trials of commercial products -
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg,, System Safety Monitor  to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.
8)  Take an online privacy test
9)  Set IE Privacy to High - IE > Tools > Internet Options > Privacy
10)  Reset Internet Zone Security to High - IE > Tools > Internet Options > Security > Custom > (Select High) > Reset
Any progress? Are you still working on this? Do you need more information?
JABevan (Author) Commented:
Unfortunately the connectivity problems have kind of killed it.  The client (i.e. customer) has pulled the application back in house because of the slowness.  We're in a situation now where we need to come up with a solution, test, and propose it again.

This is definitely not a malware/spyware/adware issue.  We're using clean boxes for testing and tested the throughput on both ends.  I'm still thinking it's a translation issue between the domains.  Again the client (i.e. customer, not client computer...) is on one domain in Colorado, we have set up another in North Carolina running this hosted application.  The customer is connecting by VPN and then opening a client of the hosted application which connects to the server side we have here in North Carolina.

Any (specific) suggestions would definitely be appreciated.

Tim Holman Commented:
Did you try the MTU suggestion ?
Question has a verified solution.
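
The MTU suggestion raised in the thread can be checked by measurement before changing any setting. The following is an added example, not code from any poster in the thread: it binary-searches the largest ICMP payload that crosses the VPN path with the Don't Fragment bit set, using the Windows `ping -f -l` options. The host name `REMOTESERVER`, the function names and the simulated 1400-byte path are assumptions made for illustration.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def windows_ping_probe(host, timeout_ms=2000):
    """Return probe(payload): one DF-flagged echo sent with Windows ping."""
    def probe(payload):
        # -n 1: one echo, -f: Don't Fragment, -l: payload bytes, -w: timeout (ms)
        result = subprocess.run(
            ["ping", "-n", "1", "-f", "-l", str(payload),
             "-w", str(timeout_ms), host],
            capture_output=True, text=True)
        # Echo replies contain "TTL="; fragmentation errors and timeouts do not.
        return "TTL=" in result.stdout
    return probe


def largest_unfragmented_payload(probe, lo=548, hi=1472):
    """Largest payload in [lo, hi] that passes with DF set, or None.

    None means even the smallest probe failed (host down or ICMP filtered),
    so a blocked ping is not mistaken for a very small MTU.
    """
    if not probe(lo):
        return None
    if probe(hi):
        return hi
    # Invariant: probe(lo) succeeds and probe(hi) fails.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def path_mtu(probe, lo=548, hi=1472):
    """Path MTU in bytes (payload plus IPv4 and ICMP headers), or None."""
    payload = largest_unfragmented_payload(probe, lo, hi)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a tunnel: passes payloads that fit in mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Constructed example: a tunnel whose usable MTU is 1400 bytes.
    print(path_mtu(simulated_path(1400)))
    # Live use from the VPN client (REMOTESERVER is a placeholder):
    # print(path_mtu(windows_ping_probe("REMOTESERVER")))
```

Run it once with the VPN connected and once without; a lower figure over the tunnel shows how much the encapsulation costs and gives the value to set on the client.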