Problem logging into remote domain over VPN

I have a hardware (router to router) VPN which seems to be working fine. I can browse the office network and see the server (PDC) and all the other PCs, which log into the PDC with no problem.

I can send reports to a remote IP printer, and I can even run a remote desktop session with NetMeeting on the PDC server. The problem is that the remote laptop only logs into the domain from time to time (seems intermittent) and the most important function of the network is accessing the shares on the server.

There is nothing in the log files on the server, but I get boot-time messages on the laptop like:

"Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted."

"Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted. Enrollment will not be performed."

This seems to suggest the PDC cannot be contacted, which is bizarre because I can see it in the network browser and ping it from a command prompt.

Yesterday (Monday) for no apparent reason, I was able to work freely with the network shares all day but today they're not accessible even though nothing appears to have changed at either end of the VPN link.

Please help if you can.



mjlane Asked:
 
Rob Williams Commented:
Can you resolve the name? This may be a DNS issue. Try at a command prompt from the remote machine:
  nslookup  YourServerName
It should return the ServerName and IP. If not, first try adding the company's DNS server's IP under TCP/IP properties of your network adapter, under DNS servers.
If still no luck, you will need to solve name resolution over the VPN. Let us know and we can further address if that appears to be the problem, or have a look at the following link. I had posted a series of name resolution solutions there:
http://www.experts-exchange.com/Networking/Q_21777774.html
 
ian_chard Commented:
One thing to check is the local policy for autoenrollment:

Go to start/run and type gpedit.msc
Browse through computer configuration/windows settings/public key policies and check the autoenrollment settings; by default they are set to automatically enroll, so you may need to change this back if it's different. This is a long shot as it looks like you're not able to contact the DC, but worth a try first and then posting back if it's not working.

Thanks
Ian
 
mjlane (Author) Commented:
Nothing changed in there. It's true that I cannot "contact" the DC, although I can see it (see error messages received at startup), even though the VPN is permanently on and passing traffic between the subnets.

 
Sam Panwar, Sr. Server Administrator Commented:
Start your troubleshooting by taking a look at the event viewer. Go to Start/Run and type   eventvwr.msc   and press OK. In the Event Viewer, click the three modules in the left side menu and look for any "X" error messages that coincide with the time this problem last occurred. If one is found, double click the error to see the details.

You can see the error solution here
http://www.microsoft.com/technet/support/ee/ee_advanced.aspx

http://www.eventid.net/


"Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted."



This is most likely a DNS issue, and it occurs because the client may not be able to reach the DNS or the configured preferred DNS server on the client is not valid. If all XP computers have the same problem, check the DNS server settings; if only a few XP computers have this problem, make sure they have correct DNS settings. You may use ipconfig or nslookup to troubleshoot.

For more information, go to  http://www25.brinkster.com/ChicagoTech


"Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted. Enrollment will not be performed."



Most of these errors revolve around a possible problem with the domain
controller. It may also be a problem with renewing the CA. Here are a few
articles with some things to check for help in troubleshooting the problem.
Problems When the Autoenrollment Feature Cannot Reach an Active Directory Domain Controller:
http://support.microsoft.com/?kbid=310461 
The Auto-Enrollment Objects Do Not Work When a Certification Authority Certificate Is Renewed:
http://support.microsoft.com/?kbid=270048 
PRB: Cannot Connect to Domain Controller and Cannot Apply Group Policy with Gigabit Ethernet Devices:
http://support.microsoft.com/?kbid=326152 
Event ID 1054 Is Logged in the Application Event Log:
http://support.microsoft.com/?kbid=298656 
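
Added example, not part of any participant's post: a domain member locates its domain controller through a DNS SRV record rather than by ping or the network browser, so the check below compares what the client's configured DNS returns for that record with what the office DNS server returns. The domain name and DNS server address are placeholders, and the cmdlets used (Resolve-DnsName, Get-DnsClientServerAddress, Test-NetConnection) assume a newer Windows client than the XP machines mentioned in the thread.

```powershell
# Added example: placeholder values, replace with your own domain and office DNS server.
param(
    [string]$Domain    = 'corp.example.local',   # AD DNS domain name (placeholder)
    [string]$DnsServer = '10.0.0.10'             # office DNS server behind the VPN (placeholder)
)

# 1. Show which DNS servers each adapter is actually configured to use.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. The record a domain member queries to find a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

function Get-DcSrvRecord {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }    # omit to use the client's own DNS settings
    try {
        Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup for $Name failed: $($_.Exception.Message)"
    }
}

$viaClient = @(Get-DcSrvRecord -Name $srvName)
$viaOffice = @(Get-DcSrvRecord -Name $srvName -Server $DnsServer)

# 3. Interpret the two results.
if ($viaOffice.Count -eq 0) {
    Write-Output "No SRV answer from $DnsServer. Check that DNS traffic (port 53) passes over the VPN."
} elseif ($viaClient.Count -eq 0) {
    Write-Output "Office DNS answers but the client's configured DNS does not. Point the adapter at $DnsServer."
} else {
    Write-Output "Both lookups returned SRV records. Name resolution for the DC locator looks healthy."
}

# 4. For each DC the office DNS advertises, confirm the LDAP port is reachable over the VPN.
foreach ($dc in $viaOffice) {
    $ip = (Resolve-DnsName -Name $dc.NameTarget -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    if ($ip) {
        $ok = (Test-NetConnection -ComputerName $ip -Port $dc.Port -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0} ({1}) port {2} reachable: {3}' -f $dc.NameTarget, $ip, $dc.Port, $ok
    }
}
```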

 
mjlane (Author) Commented:
DNS it surely was! Thanks - hope neither of you mind me splitting the points.
 
Rob Williams Commented:
Glad you were able to "resolve"  < groan  :-)  >
Thanks for the points,
--Rob
 
Rob Williams Commented:
ps- Curious as to why the B grade?
 
mjlane (Author) Commented:
Force of habit, sorry. I seem to have a problem in giving anyone top marks - just ask my kids. Can I change my mind?
 
Rob Williams Commented:
Don't worry about it, I was just curious as to whether we left anything out.
Thanks for the reply, have a great day!
--Rob
Question has a verified solution.
