
Cannot see computers at remote sites in my network places

Posted on 2006-05-26
Last Modified: 2010-03-19
I recently upgraded all my firewalls.  I have Sonicwall TZ 150s at the remotes and a TZ170 at the main site.  I have remote sites connected to the main site via site to site VPN.  I have internal WINS and DNS servers at the main site.

The tcp/ip configs are as follows

main:
192.168.20.xx
255.255.255.0
192.168.20.254

dns:
192.168.20.2
192.168.20.3
wins:
192.168.20.2
192.168.20.3

remotes
192.168.60.xx
255.255.255.0
192.168.60.254
dns:
primary is dns of isp
secondary is dns of isp
third is 192.168.20.2
wins:
192.168.20.2
192.168.20.2

Enable NetBios over TCP/IP is enabled

Netbios broadcasts are enabled in the firewall and in the vpn connection

I did not set our internal dns servers at the main site as the primary and secondary dns for the remotes as I understand dns over a vpn is not recommended.  I set the primary as the third in hopes that this would resolve.

However, when I browse the network, open my domain (all computers are in the same domain and are either W2Ksp4 or XP Pro SP2) i cannot see the computers at the remote sites.  

the browser service and all that jazz is enabled on all pcs

when i browse my domain from one of the remote pcs, i can only see the pcs at the main site.  

When I set the primary dns for the remotes to 192.168.20.2 i am able to see them when i browse my domain, however i don't want to use dns over the vpn

why isn't wins and netbios working?

do i need to rejoin the computer accounts to the domain?

Question by:David Scott, MCSE
17 Comments
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 16770644
If you want your remote workstations to use corporate network resources the Internal/corporate DNS server should be first.
It would be a good idea to run NetDiag on a PC at the remote site and check for any errors, especially related to WINS. It is available from the Windows resource kit or:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16770945
You do not have to rejoin them to the Domain...

I agree with RobWill.......I don't think you mentioned WINS servers at both sites, so if you have not installed a WINS server at both sites, then do so, and set the WINS servers up as Replication partners....

also make sure that DHCP is sending out the PROPER WINS servers IP address(es).....
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16771010
Should even find the WINS server at the remote site if all is configured properly. WINS works quite well over a VPN usually. Fine to use DNS but may not give you browsing capability, and better geared toward domain functionality.
0

 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16771791
Ok, i ran the netdiag with the current ip config and it failed on the domain tests.  i then changed the internal dns to the primary and secondary and ran it again and it passed on all tests.  

My only concern is that when they are using the internet they have to go to the dns server back and forth across the vpn.  Won't this slow down browsing?

I don't have any servers at the remotes, the two wins servers are setup on the two dns servers and are setup for replication
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16771853
I see, well, it MAY slow things down, but then again, it may not be noticeable, that is something you will have to monitor.  I mean, the users at the remote offices are still using their own gateway, so it may not be much of an issue, the only thing happening over the VPN connect is the DNS request itself, not the browsing or downloading.....

are the users at remote sites already authenticating across the VPN?  I'm assuming you don't have  a DC at their site...the MAIN problem is that you are always depending on the VPN connection being up, if it ever goes down, then they wouldn't be able to login, and might have some issues with DNS, even though you could just make their Secondary DNS the ISP one.....in case the VPN ever went down it would failover to that..
0
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16771955
yeah, i just did a speed test and the upload speed was significantly affected.  i am going to try making the isp the secondary and test again.

No DC at the remotes.  These are very small offices 2,3,4 people.  Really does not justify servers at their locations.

The vpn rarely goes down.  

Our main application is web based so they wouldn't lose that if the vpn went down

i'll report back on the test

0
 
LVL 3

Accepted Solution

by:
rickyclourenco earned 1000 total points
ID: 16772011
I see, well, good luck, I mean, if it's a domain, you kinda have to have them pointing to your DNS.....
0
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16772063
thanks guys for your help.  i don't think the dns going over the vpn is going to have much of an effect on the bandwidth
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16772080
I don't think so either, because it's only making the REQUEST, it's not affecting the bandwidth, so the DNS request will slow down....but the actual connection once established should be fine....besides it's only 2-5 users....
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16773027
Thanks opie6373.
As for DNS issue I think you will find there is no problem. If you add the computers to the domain you should really only have the corporate DNS server listed, no ISP DNS at all. The ISP would only be listed as forwarder on your DNS server. I have this in many locations, and oddly enough works great.
Cheers,
--Rob
0
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16775528
i listed both corporate dns servers and i put the dns isp as the third in case the vpn went down they would still be able to surf using the isp dns...

oh ps, i do have the dns isp setup as forwarders in my corporate dns

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16775580
>>"i put the dns isp as the third in case the vpn went down they would still be able surf using the isp dns..."
I agree with the theory, but if you join the computers to the domain for some reason it doesn't work that way. It is as if the lookup doesn't always choose the 1st DNS server first. You end up with very slow logons. Rule of thumb, if the computers are a member of the Domain, and the users log onto the Domain, only your private DNS server should be listed on the PC's. The workaround for a dead private DNS server is another private DNS server at the second site.

>>"i do have the dns isp setup as forwarders in my corporate dns"
Good.
0
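Added example, not part of the original thread: a small Python check that parses `ipconfig /all` output from a domain member and reports any listed DNS server that is not a corporate resolver, following the rule of thumb in the comment above. The sample output is constructed, 203.0.113.x is a placeholder for the ISP's resolvers, and the function names are hypothetical.

```python
import re

CORPORATE_DNS = {"192.168.20.2", "192.168.20.3"}  # main-site servers named in the question

# Constructed sample: XP-style `ipconfig /all` output for a remote PC as first
# configured (ISP resolvers first). 203.0.113.x stands in for the ISP's DNS.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.60.11
        Default Gateway . . . . . . . . . : 192.168.60.254
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
                                            192.168.20.2
        Primary WINS Server . . . . . . . : 192.168.20.2
        Secondary WINS Server . . . . . . : 192.168.20.2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_servers(text):
    """Return {'dns': [...], 'wins': [...]} in the order the client lists them."""
    found = {"dns": [], "wins": []}
    current = None
    for line in text.splitlines():
        labelled = re.match(r"\s*([A-Za-z ]+?)[ .]*:\s*" + IP + r"\s*$", line)
        continued = re.match(r"\s+" + IP + r"\s*$", line)  # extra value of a multi-line field
        if labelled:
            label = labelled.group(1)
            current = "dns" if label == "DNS Servers" else "wins" if "WINS Server" in label else None
            if current:
                found[current].append(labelled.group(2))
        elif continued and current:
            found[current].append(continued.group(1))
        else:
            current = None
    return found

def audit(text, corporate=CORPORATE_DNS):
    """List findings against the 'only private DNS on domain members' rule of thumb."""
    cfg = parse_servers(text)
    findings = [f"DNS #{pos} {ip} is not a corporate resolver"
                for pos, ip in enumerate(cfg["dns"], 1) if ip not in corporate]
    if len(set(cfg["wins"])) < len(cfg["wins"]):
        findings.append("same WINS server listed twice, no real secondary")
    if not cfg["wins"]:
        findings.append("no WINS server configured")
    return findings
```
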
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16789678
ok thanks
0
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16793256
ok they have the two corporate dns and wins servers only, no isp

and i did a ipconfig/renew on one of the workstations and when i browse my network places and open my domain they are still not listed.  

i don't get it.

i can ping them by name, i can open them by start, run \\name

why wouldn't they show up in net places????
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16793371
Network places and network neighborhood often do not work over a VPN. It uses NetBIOS names rather than DNS names, which are not broadcast over a VPN. Usually though, if you have a proper WINS server it will work. Make sure on the routers if there is an "enable NetBIOS broadcast" option it is checked.
There actually are not too many cases where you need to browse a remote network.
0
 
LVL 12

Author Comment

by:David Scott, MCSE
ID: 16793396
yeah, the netbios is enabled.

apparently it takes some time for the net places to refresh as i just checked again and now the pc i did the ipconfig/renew on is showing in there.

you're right though, not something i really need i'm just anal and it was bugging me for some reason

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16793479
Yes sorry it does take a while for all computers to "report in".
I agree there are a few times where it is very nice to have. Once shares and such are set up, it is not necessary but sometimes when you can't remember the name of a PC, it is convenient.
0
