Cannot Join Domain on Sonicwall TZ170 VPN

Posted on 2006-05-03
Last Modified: 2012-06-27
I have 2 offices and both offices have sonicwall tz170 installed. I have created a VPN tunnel between 2 offices. I have a few XP PRO machines @ Location "XYZ" (remote office) which I am trying to join with server 2003 Domain at Location "ABC" (corporate office). I can ping to the internal gateway IPs of the firewalls which means the VPN is up but when I try to join the domain @ location "XYZ" I get an error message that Domain Controller could not be contacted.

Can anybody help me with this? I have already searched other IT sites including this one but couldn't find the solution, I will appreciate if you can help.
Question by:SyedMAhsan
    LVL 77

    Expert Comment

    by:Rob Williams
    Try adding the IP of your corporate DNS server to the workstation's TCP/IP configuration as the primary DNS server. Also under the TCP/IP advanced options on the DNS tab add your Domain suffix, such as mydomain.local to the "DNS suffix for this connection" box. See if that makes a difference.

    Expert Comment

    If you have a DNS server at your remote office, make sure that it has your DNS server at the corporate office listed as a DNS forwarder in the remote office DNS.  That would keep you from having to change it on each of the clients independently.

    Good Luck!

    LVL 3

    Expert Comment

    Joining the computers to the domain in the same physical location works best.

    Also, are you running WINS and do you have the LMHOSTS files set up correctly on the remote computers?

    Rob - sorry I get repetitive, but I find the LMHOSTS issue is VERY common.
    LVL 77

    Expert Comment

    by:Rob Williams
    m1crochip, I don't disagree with LMHosts at all. Great solution for VPNs as NetBIOS names are not broadcast over a VPN. WINS will also work.
    The problems are WINS is not always available anymore with a lot of newer systems, and LMHosts has to be maintained if connecting to multiple computers. DNS has the advantage of being dynamic and unfortunately necessary if doing anything involving active directory.
    LVL 3

    Expert Comment

    I know, but I haven't seen a way to do it otherwise with a vpn (which does not mean much, I'm not a full-time IT guy and don't get to play that much).  If you know how to make network browsing work without it, please inform me.

    LVL 77

    Expert Comment

    by:Rob Williams
    Actual browsing of the network won't work without WINS, as far as I know, but everything else should work fine with DNS. To get DNS to work over a VPN seems to vary from unit to unit. On commercial grade VPN routers it is quite easy, they are designed for it, and are configurable to do so. The SonicWall should fit into that class, but I haven't used them. There usually are options to add the local DNS servers, WINS servers, and Domain names. The others sometimes take a little tweaking.
    LVL 77

    Expert Comment

    by:Rob Williams
    SyedMAhsan, were you able to try the suggested options?

    Author Comment

    Yes, I tried the suggestion but it did not work. Maybe I'm not typing the correct code or something else. That's why I am copying the whole "lmhost" file along with the lines I added. Check it out and tell me where I am wrong. Your help is greatly appreciated.


    # Copyright (c) 1993-1999 Microsoft Corp.
    # This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to computernames
    # (NetBIOS) names.  Each entry should be kept on an individual line.
    # The IP address should be placed in the first column followed by the
    # corresponding computername. The address and the computername
    # should be separated by at least one space or tab. The "#" character
    # is generally used to denote the start of a comment (see the exceptions
    # below).
    # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
    # files and offers the following extensions:
    #      #PRE
    #      #DOM:<domain>
    #      #INCLUDE <filename>
    #      #END_ALTERNATE
    #      \0xnn (non-printing character support)
    # Following any entry in the file with the characters "#PRE" will cause
    # the entry to be preloaded into the name cache. By default, entries are
    # not preloaded, but are parsed only after dynamic name resolution fails.
    # Following an entry with the "#DOM:<domain>" tag will associate the
    # entry with the domain specified by <domain>. This affects how the
    # browser and logon services behave in TCP/IP environments. To preload
    # the host name associated with #DOM entry, it is necessary to also add a
    # #PRE to the line. The <domain> is always preloaded although it will not
    # be shown when the name cache is viewed.
    # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
    # software to seek the specified <filename> and parse it as if it were
    # local. <filename> is generally a UNC-based name, allowing a
    # centralized lmhosts file to be maintained on a server.
    # It is ALWAYS necessary to provide a mapping for the IP address of the
    # server prior to the #INCLUDE. This mapping must use the #PRE directive.
    # In addtion the share "public" in the example below must be in the
    # LanManServer list of "NullSessionShares" in order for client machines to
    # be able to read the lmhosts file successfully. This key is under
    # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
    # in the registry. Simply add "public" to the list found there.
    # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
    # statements to be grouped together. Any single successful include
    # will cause the group to succeed.
    # Finally, non-printing characters can be embedded in mappings by
    # first surrounding the NetBIOS name in quotations, then using the
    # \0xnn notation to specify a hex value for a non-printing character.
    # The following example illustrates all of these extensions:
    #     rhino         #PRE #DOM:networking  #net group's DC
    #    "appname  \0x14"                    #special app server
    #    popular            #PRE             #source server
    #    localsrv           #PRE             #needed for the include
    # #INCLUDE \\localsrv\public\lmhosts
    # #INCLUDE \\rhino\public\lmhosts
    # In the above example, the "appname" server contains a special
    # character in its name, the "popular" and "localsrv" server names are
    # preloaded, and the "rhino" server name is specified so it can be used
    # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
    # system is unavailable.
    # Note that the whole file is parsed including comments on each lookup,
    # so keeping the number of comments to a minimum will improve performance.
    # Therefore it is not advisable to simply add lmhosts file entries onto the
    # end of this file.

    (these are the two lines I added as instructed)      giaasrv01      #PRE primary#PRE#DOM:ASI.NET#
    LVL 77

    Accepted Solution

    Note all lines with  #  are comments and can be removed if you wish.
    Try changing to the following, assuming domain name is ASI.NET and primary domain controller is  primary:     giaasrv01     #PRE     primary        #PRE       #DOM:ASI.NET#     "ASI.NET        \0x1b"    #PRE
    Note the spaces are actually tabs, and you must hit enter (carriage return) after each line.
    Thanks to lrmoore; there needs to be exactly 20 characters/spaces between the quotes and end with \0x1b
    Also when you save the file, do so without an extension. It has a .sam (sample) extension prior to this. To be sure there is no extension save with quotes;  "lmhosts"

    To check your LMHosts file entries are accepted at a command prompt enter
      nbtstat  -R
    to purge and reload the local name cache
    then enter
      nbtstat  -c
    to display the current name cache which should include your LMHosts file entries.
    Note; the nbtstat "switches" R & c are case sensitive.
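
A checker for the LMHOSTS rules given in the accepted answer and in the sample file's comments, as an added example that is not part of the original thread: it builds the quoted domain entry (name padded to 15 characters, then `\0x1b`, 20 characters between the quotes) and flags lines that break those rules. The 192.0.2.x addresses, the host name `backup`, and the function names are constructed for illustration.

```python
import ipaddress
import re

# <ip> then a quoted or bare NetBIOS name, then the rest of the line.
ENTRY = re.compile(r'^\s*(\S+)\s+("([^"]*)"|\S+)(.*)$')


def domain_1b_entry(ip, domain):
    """Build the domain [1B] line: name padded to 15 chars, then \\0x1b."""
    if len(domain) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    return '%s\t"%s\\0x1b"\t#PRE' % (ip, domain.ljust(15))


def lint_lmhosts(text):
    """Return (line_number, problem) pairs for the body of an LMHOSTS file."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line, comment, or #INCLUDE-style directive
        m = ENTRY.match(line)
        if not m:
            problems.append((no, "expected '<ip> <name>'"))
            continue
        ip, _name, quoted, rest = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((no, "first column is not an IPv4 address"))
        if quoted is not None and "\\0x" in quoted and len(quoted) != 20:
            problems.append((no, "%d chars between quotes, need 20" % len(quoted)))
        if "#DOM:" in rest and "#PRE" not in rest:
            problems.append((no, "#DOM entry is not preloaded (no #PRE)"))
    return problems


# Constructed sample: 192.0.2.x and the host "backup" are placeholders.
SAMPLE = "\n".join([
    "192.0.2.10\tgiaasrv01\t#PRE",
    "192.0.2.11\tprimary\t#PRE\t#DOM:ASI.NET",
    domain_1b_entry("192.0.2.11", "ASI.NET"),
    '192.0.2.11\t"ASI.NET \\0x1b"\t#PRE',  # padding missing
    "192.0.2.12\tbackup\t#DOM:ASI.NET",      # #DOM without #PRE
    "giaasrv01\t#PRE",                      # address column missing
])

if __name__ == "__main__":
    for no, problem in lint_lmhosts(SAMPLE):
        print("line %d: %s" % (no, problem))
```

A file that passes this check still has to be loaded with `nbtstat -R` and confirmed with `nbtstat -c`, as described above.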
