Cannot Join Domain on Sonicwall TZ170 VPN

Posted on 2006-05-03
Medium Priority
Last Modified: 2012-06-27
I have 2 offices and both offices have a SonicWall TZ170 installed. I have created a VPN tunnel between the 2 offices. I have a few XP Pro machines at Location "XYZ" (remote office) which I am trying to join to a Server 2003 domain at Location "ABC" (corporate office). I can ping the internal gateway IPs of the firewalls, which means the VPN is up, but when I try to join the domain at location "XYZ" I get an error message that the Domain Controller could not be contacted.

Can anybody help me with this? I have already searched other IT sites including this one but couldn't find the solution. I would appreciate it if you can help.
Question by:SyedMAhsan

Expert Comment

by:Rob Williams
ID: 16601853
Try adding the IP of your corporate DNS server to the workstation's TCP/IP configuration as the primary DNS server. Also, under the TCP/IP advanced options on the DNS tab, add your domain suffix, such as mydomain.local, to the "DNS suffix for this connection" box. See if that makes a difference.

Expert Comment

ID: 16602694
If you have a DNS server at your remote office, make sure that it has your DNS server at the corporate office listed as a DNS forwarder in the remote office DNS.  That would keep you from having to change it on each of the clients independently.

Good Luck!


Expert Comment

ID: 16609842
Joining the computers to the domain in the same physical location works best.

Also, are you running WINS, and do you have the LMHOSTS files set up correctly on the remote computers?

Rob, sorry I get repetitive, but I find the LMHOSTS issue is VERY common.


Expert Comment

by:Rob Williams
ID: 16610334
m1crochip, I don't disagree with LMHosts at all. It is a great solution for VPNs, as NetBIOS names are not broadcast over a VPN. WINS will also work.
The problems are that WINS is not always available anymore with a lot of newer systems, and LMHosts has to be maintained if connecting to multiple computers. DNS has the advantage of being dynamic and is, unfortunately, necessary if doing anything involving Active Directory.

Expert Comment

ID: 16610484
I know, but I haven't seen a way to do it otherwise with a vpn (which does not mean much, I'm not a full-time IT guy and don't get to play that much).  If you know how to make network browsing work without it, please inform me.


Expert Comment

by:Rob Williams
ID: 16610539
Actual browsing of the network won't work without WINS, as far as I know, but everything else should work fine with DNS. To get DNS to work over a VPN seems to vary from unit to unit. On commercial grade VPN routers it is quite easy, they are designed for it, and are configurable to do so. The SonicWall should fit into that class, but I haven't used them. There usually are options to add the local DNS servers, WINS servers, and Domain names. The others sometimes take a little tweaking.

Expert Comment

by:Rob Williams
ID: 16757018
SyedMAhsan, were you able to try the suggested options?

Author Comment

ID: 16897381
Yes, I tried the suggestion but it did not work. Maybe I'm not typing the correct code or something else. That's why I am copying the whole "lmhosts" file along with the lines I added. Check it out and tell me where I am wrong. Your help is greatly appreciated.


# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      \0xnn (non-printing character support)
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addition the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
# The following example illustrates all of these extensions:
#     rhino         #PRE #DOM:networking  #net group's DC
#    "appname  \0x14"                    #special app server
#    popular            #PRE             #source server
#    localsrv           #PRE             #needed for the include
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.

(these are the two lines I added as instructed)
giaasrv01      #PRE
primary#PRE#DOM:ASI.NET#

Accepted Solution

Rob Williams earned 2000 total points
ID: 16897591
Note all lines with # are comments and can be removed if you wish.
Try changing to the following, assuming the domain name is ASI.NET and the primary domain controller is "primary":

giaasrv01     #PRE
primary        #PRE       #DOM:ASI.NET#
"ASI.NET        \0x1b"    #PRE

Note the spaces are actually tabs, and you must hit Enter (carriage return) after each line.
Thanks to lrmoore; there need to be exactly 20 characters/spaces between the quotes, ending with \0x1b.
Also when you save the file, do so without an extension. It has a .sam (sample) extension prior to this. To be sure there is no extension, save with quotes: "lmhosts"

To check that your LMHosts file entries are accepted, at a command prompt enter
  nbtstat -R
to purge and reload the local name cache, then enter
  nbtstat -c
to display the current name cache, which should include your LMHosts file entries.
Note: the nbtstat "switches" R and c are case sensitive.
