Solved

Cannot join a domain after establishing VPN connection

Posted on 2004-11-26
Last Modified: 2010-04-10
I am assigning IP addresses in my router to the VPN clients. The router is also doing DHCP for machines in the office. After I connect, I am unable to join the domain. I get "a domain controller for the domain (domain name) could not be contacted". I therefore cannot see any other machines on the network. If I go to DOS and run the nbtstat command, I can map network drives, but I need to be able to access other machines on the network (I'm using Act! and need to share contacts with people outside the office - Act uses machine name to share the database).

I was running WINS - but I don't know much about it or if it is still running since my server is not doing the DHCP any longer (the router is doing it now). I turned off DHCP on the server to avoid a conflict with the router.

When I'm in the office with my laptop and on my network, I can join the domain and see all the other machines that are shared.

Can you direct me to the proper setup to make this all work? I have spent all day browsing the articles that seemed to apply, but did not find this particular situation.  I tried changing the subnet mask in the router IP addresses from 255.255.255.255 to 255.255.255.0, but then the VPN connection would connect and immediately drop.

Thanks.

Question by:mgerney
14 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 12683753
Try setting up a LMHOSTS file on the remote machine. All you really need is the 2 entries for the domain controller:

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 

Does your router DHCP give the client the proper DNS IP address? Can it give out a WINS address? If it can give out a WINS address, try adding the old server's IP address.

Why does it work in the office, not over VPN? Because NetBIOS broadcasts work on the local LAN to help find the systems and there is a "master browser" elected that helps you find others. These broadcasts are not propagated across that VPN tunnel, so you have to tell your PC at least who the "master browser" is - that is always the domain controller.
0
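Added example, not part of lrmoore's answer or the linked KB article: the two LMHOSTS lines for a domain controller, generated with the padding the domain `\0x1b` record needs (15-character name plus the 5-character type suffix, 20 characters inside the quotes), and a checker that flags quoted entries that get this wrong. The address `10.0.0.5`, the server name `PDC01` and the domain `OFFICE` are constructed placeholders.

```python
import re

NAME_LEN = 15                      # NetBIOS name field; byte 16 is the service type
QUOTED = re.compile(r'"([^"]*)"')
SUFFIX = re.compile(r"\\0x[0-9a-fA-F]{2}$")   # e.g. \0x1b, the domain master browser type


def lmhosts_entries(dc_ip, dc_name, domain):
    """Return the two lines for a domain controller: host mapping and <1B> record."""
    for label, value in (("DC name", dc_name), ("domain", domain)):
        if not 1 <= len(value) <= NAME_LEN:
            raise ValueError(f"{label} must be 1-15 characters: {value!r}")
    padded = domain.upper().ljust(NAME_LEN)      # pad with spaces to exactly 15
    return [
        f"{dc_ip}\t{dc_name.upper()}\t#PRE #DOM:{domain.upper()}",
        f'{dc_ip}\t"{padded}\\0x1b"\t#PRE',
    ]


def check_lmhosts(text):
    """Return (line_number, problem) pairs for malformed quoted entries."""
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        match = QUOTED.search(line)
        if line.lstrip().startswith("#") or not match:
            continue                              # comment line or ordinary host entry
        quoted = match.group(1)
        # Quoted names are used literally, and NetBIOS names are registered upper case.
        if not SUFFIX.search(quoted):
            problems.append((num, "quoted name lacks a \\0xNN type suffix"))
        elif len(quoted) != NAME_LEN + 5:
            problems.append((num, f"quoted name is {len(quoted)} characters, need 20"))
        elif quoted[:NAME_LEN] != quoted[:NAME_LEN].upper():
            problems.append((num, "quoted name is not upper case"))
    return problems


# Constructed sample: line 2 is missing the space padding before \0x1b.
SAMPLE = '10.0.0.5\tPDC01\t#PRE #DOM:OFFICE\n10.0.0.5\t"OFFICE\\0x1b"\t#PRE\n'

if __name__ == "__main__":
    print(check_lmhosts(SAMPLE))
    print("\n".join(lmhosts_entries("10.0.0.5", "pdc01", "office")))
```

After editing the file on the remote machine, `nbtstat -R` reloads the `#PRE` entries and `nbtstat -c` shows what is in the name cache.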
 

Author Comment

by:mgerney
ID: 12687604
I added the LMHOSTS file, but still cannot join the domain or find the domain controller, or see any of the other computers on the network.

I believe the router is assigning the correct IP address. It's a Netopia router, which says it can "do Netbios thereby eliminating the need for an LMHosts file or WINS server" but I have yet to find the documentation that sets that up. Likewise, I do not know if it can find the WINS server - there is an entry to tell it what the IP address is to "Serve Netbios Name Server" - I put in the address of the WINS server (which is the same as my PDC - is that a problem?), but it did not seem to make a difference. Maybe that is not the right WINS address. I'll try again.




0
 
LVL 4

Expert Comment

by:carl-
ID: 12693023
When you start up your VPN, your IP address appears to be at the remote site, not at your local site. Most likely your local site's firewall is blocking it from coming back?
0
 

Author Comment

by:mgerney
ID: 12695824
I'm not running a firewall locally. The vpns in the router are set up to assign an IP based on username. I ran winsadmin.exe and checked the WINS server database and my machine name and ip address appeared in there. Also the domain, and the server machine, appear in the database. So I think the WINS server is running and working. I created a LMHosts file according to the documentation and put that on the server.

I can log onto the server and map drives (albeit, I have to run nbtstat -a <server address> first). As I said, I need to find the machine name in order to share the ACT database.

I have XP Pro on my laptop, and on my desktop. I'm also running 2000 on the desktop and cannot find the domain using that either. I am not running DNS on the server - do I need to set that up?

I'm also going to try to find a 98 machine and see if it has the problem or if it is an XP/2000 problem. Thanks.
0
 

Author Comment

by:mgerney
ID: 12700315
I redid the LMHosts file and made sure the WINS server was running since I'm physically at the office today. Having done all that, I used a dial-up account on my laptop and was able to connect via the VPN and could then join the domain.

However, when I tried to replicate this from my desktop at home - no luck. So, I'm half-way there.

Tonight I will take the laptop home, rejoin my home network workgroup and then see if I can get back into the domain at the office over the VPN. Seems like there has got to be an answer for this.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12700373
Just make sure that your home LAN subnet is different than the subnet with the domain at work.
I.e., is your home LAN 192.168.1.x, and your company LAN also 192.168.1.x?
0
 

Author Comment

by:mgerney
ID: 12707476
My office network is a 10.0.0.x and my home network is 192, etc.

Once I rejoined the Workgroup, I could not rejoin the Domain from home.

I think my goal of sharing an Act database will work as long as I keep my laptop as part of the domain, even though the other remote machine cannot join the domain, as long as they can login to the server, I think it will work. I am doing one more test today.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12707873
Here's a thought - rename your home workgroup the same as your domain.. works for me..
0
 

Author Comment

by:mgerney
ID: 12709285
I did try that. I also tried appending the domain name to the name of the machine. Then I could see the other machines in the domain, but could not access them, in order to update the Act database.
0
 
LVL 2

Assisted Solution

by:pcavenue
pcavenue earned 300 total points
ID: 12721921
I think lrmoore had it when he said....

"Does your router DHCP give the client the proper DNS IP address"

I didn't see your response on that comment. I would go one further: on the remote computer, statically put in the DNS server's IP address as the primary DNS entry, then the second and third entries should be the remote client's true DNS addresses.

If this works, it's lrmoore's points, but can I have at least one point? I've never gotten a point yet, and I've been answering for days. Although maybe there's a reason for that...

dan

0
 

Author Comment

by:mgerney
ID: 12728380
I'm not running a dns server here - I was relying only on a WINS Server. That may be part of the problem.

However, in desperation, I called Act to find out that they don't support synchronization over NT, only over 2000 and higher. So, I'm sending it back and looking for another contact management solution. So I don't need to spend any more time trying to get this to work.

Thanks anyway for all your help.
0
 
LVL 2

Expert Comment

by:pcavenue
ID: 12730607
If you have a 2000 or 2003 server you are running a DNS server; it's the only way your domain can exist. DNS and Active Directory have a sick symbiotic relationship. Check it out: domain existence requires a fully functional DNS server to be.

If you're really appreciative to all of us, can you split the points to all of us for our hard work? Or if I had to pick a winner, it would be that lrmoore dude I pointed out earlier.

-dp
0
 

Expert Comment

by:Suellen_Thayer
ID: 12904788
A note about sharing Act over a VPN. I just read on the Act site that it is not supported. But not sure why. I would like to set it up for a client over their VPN.

Does it now work for you okay?
0
 

Expert Comment

by:Suellen_Thayer
ID: 12904791
Oh, sorry. Didn't read all the previous posts!
0
