  • Status: Solved
  • Priority: Medium
  • Security: Public

Log in to a Windows domain controller over a router?

Hi all,

     Wonder if you could help me with a situation. I think there's a way to do this, but I've forgotten.

I'm dealing with a client-server network with a couple of domain controllers, in one city. There is a Windows 2000 domain controller and a Windows 2003 server (which I have yet to make a domain controller, but I will). This network is connected to another peer-to-peer network in another city, over a Cisco router-to-router IPSec VPN.

The peer-to-peer network has been using terminal services up to now, but we would like to get rid of terminal services. The VPN connection is high speed and reliable now, and we would like to have those computers log into the domain controller in the other city, over the VPN.

When I try to set a workstation to join the domain, it cannot find the domain controller. And then I seem to remember that there is something you have to set up. Is there some kind of domain controller relay that you have to set up? Does anyone know how to do this? Obviously we don't want to put another server in the other city. The network is small, and the whole reason for having it log in over the VPN is to avoid putting in another server. Can anyone help with this?

This is fairly urgent, just because we've gotten started. But I'll try to be patient, 'cause I could use the help. It's only the users that would get on my back!

thanks!
Asked: gs-rho

1 Solution

Jay_Jay70 Commented:
Hi gs-rho,

first look at dns and connection

are you able to ping the remote DC by name and IP?

Cheers!

gs-rho (Author) Commented:
Sorry, had a delay here. Get back to you very soon.

gs-rho (Author) Commented:
Seems to me it was a DNS thing. And I played with different scenarios. The only way it seemed to work reliably is if I put in static DNS, in this order:

1 - (primary) domain controller
2 - router IP
3 - (secondary) domain controller
4 - external DNS 1
5 - external DNS 2

The last 2 are really just in case the link goes down and they still have Internet. But honestly, I don't really understand why item 2 helps it work. All I know is that it does. If anyone wants to take any time to help explain it, well, I got some points here that really aren't going anywhere yet, although I think Jay_Jay70 deserves some for trying to help.
 
Jay_Jay70 Commented:
that's ok my friend, if you fixed this yourself, then you don't need to pass out points,

however, I think we need to look at why that router IP makes a difference, does your router handle DHCP?

GranMod Commented:
PAQed with points refunded (500)

GranMod
Community Support Moderator

gs-rho (Author) Commented:
Yes, the router does handle DHCP... however, it looks like the moderators have whipped the carpet out from under this one...(?)

Jay_Jay70 Commented:
ah well let's see if we can fix anyway

in a domain environment, your router should never handle DHCP, it's just asking for trouble, you need to set up DHCP on your domain controller and disable it completely on your router, set your scope options to point to the server for dns, add the isp dns servers as forwarders on your dns properties, and watch everything work!

gs-rho (Author) Commented:
Well, if you don't mind continuing to discuss this (it's up to you, just for fun), I should clarify...
- remember, this is a router-to-router VPN situation...

the router on the main network...
- has the servers (domain controllers) on its LAN
- does not handle DHCP (- that is actually handled by the servers)

the router on the remote network...
- does not have any servers
- does handle DHCP, for that network only

Do you think that the servers on the main network should handle DHCP for the remote network? Is that necessary? Ideal? If so, I would need some kind of relay agent, wouldn't I?
Really, I think the remote router is handling DHCP for the remote network, in case the connection goes down, and leases expire, they can still get Internet. That is an important consideration anyway. Do you have any thoughts about this?

gs-rho (Author) Commented:
One more comment... I don't remember... does a DHCP relay agent have to be on a Windows server? Can it be on a Windows workstation? Because if it's on a Windows server, the cost savings are defeated, and you might as well do the whole domain thing on the remote network.

Jay_Jay70 Commented:
ahh i see i see, i understand what you are getting at then.

with your remote location, can you ping your 2003 server by name and IP at the moment?

gs-rho (Author) Commented:
Yup. As I said, the above configuration allows me to set up domain-joined PCs in the remote network that log in over the router-to-router VPN. It needs to be set up this way, though. I find it's also necessary even if I want to allow non-domain PCs to access the exchange server - but that makes it work.

Jay_Jay70 Commented:
sorry mate, am still here just a bit busy atm!

gs-rho (Author) Commented:
no problem. we're jus' chattin' now. However, it is helpful.

Jay_Jay70 Commented:
actually, thinking on this i think i remember another case, where even though there was full resolution, the MTU size was causing grief and not allowing domain joining
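
A way to test the two causes raised in this thread, the static DNS server order and the MTU across the VPN, from a remote workstation. This is an added example, not part of the original posts. The domain name and all addresses are constructed placeholders, and it assumes a Windows client that has the `Resolve-DnsName` cmdlet.

```powershell
# Added example; the domain name, DC address and resolver list are constructed placeholders.
$Domain    = 'corp.example.local'     # placeholder AD DNS domain
$DcAddress = '192.0.2.10'             # placeholder domain controller IP
$Resolvers = [ordered]@{              # same order as the client's static DNS list
    'primary DC'   = '192.0.2.10'
    'router'       = '198.51.100.1'
    'secondary DC' = '192.0.2.11'
    'external DNS' = '203.0.113.53'
}

# A domain join locates a domain controller through this SRV record in the AD DNS zone.
$Locator = "_ldap._tcp.dc._msdcs.$Domain"

foreach ($name in $Resolvers.Keys) {
    $server = $Resolvers[$name]
    try {
        $srv = Resolve-DnsName -Name $Locator -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }   # drop the A records from the additional section
        if ($srv) {
            $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            Write-Output ("{0,-13} {1,-15} OK    {2}" -f $name, $server, $targets)
        } else {
            Write-Output ("{0,-13} {1,-15} EMPTY no SRV records returned" -f $name, $server)
        }
    } catch {
        Write-Output ("{0,-13} {1,-15} FAIL  {2}" -f $name, $server, $_.Exception.Message)
    }
}

# Path MTU check toward the DC: ICMP echo with Don't Fragment set (-f) and a
# shrinking payload (-l). Payload plus 28 bytes of IP/ICMP header is the packet size.
# Only a genuine echo reply contains "TTL=", so match on that rather than the exit code.
$pathMtu = $null
foreach ($payload in 1472, 1452, 1432, 1412, 1392, 1372, 1352, 1272) {
    $reply = & ping.exe -n 1 -w 2000 -f -l $payload $DcAddress
    if ($reply -match 'TTL=') { $pathMtu = $payload + 28; break }
}
if ($pathMtu) {
    Write-Output "Largest unfragmented packet to $DcAddress among the sizes tried: $pathMtu bytes"
} else {
    Write-Output "No DF-marked probe reached $DcAddress (ICMP filtered, or path MTU below 1300)"
}
```

A resolver that reports FAIL or EMPTY for the locator record cannot serve a domain join on its own, whatever its position in the list.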