Solved

Site to Site VPN - Remote network XP machines can ping SBS Server at HQ but can't /connectcomputer

Posted on 2006-06-10
4
400 Views
Last Modified: 2010-04-19
Hi all,

I have a site to site VPN setup between a remote office (3 XP Pro boxes) and HQ (SBS Server, 8 XP Pro).  I happen to be using Zywall 5's, but I believe this problem is unrelated to the VPN Hardware.

HQ's network is: 10.112.12.x  (SBS Server is 10.112.12.10)
Remote network is: 10.112.14.x

The Zywall is handing out DHCP on the remote network - and is handing out DNS of 10.112.12.10.  The remote boxes can surf the web using the SBS DNS, but can't connect to companyweb or do /connectcomputer.  

For the solution to this issue, I have seen references to adding an IP route on the SBS box, but after an hour of googling - I'm asking for help on how to do that.  

I don't want to have each remote user (on the remote LAN) have to use the software VPN connector - I want them to be using a site to site VPN, so that they're not "remote users" but that they feel like they're on the network.  Also - I'd like the computers on the remote network to be accessible via RWW - which also necessitates the site to site VPN.

Thanks much!

Aaron Booker
0
Comment
Question by:hardlines
4 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16880501
connectcomputer will not run over a VPN connection by design.  The reason for this is that part of connectcomputer's function is to upgrade a workstation to the latest service pack as well as installing software as assigned to workstations.  This could be a lengthy process if it was done remotely, so they've disabled it's funcitonality.

There is a workaround posted at www.smallbizserver.net:  http://www.smallbizserver.net/Default.aspx?tabid=266&ArticleType=ArticleView&ArticleID=83&PageID=89

However, you can also create a VPN Tunnel (Router to Router) which would allow it as well, because then it doesn't know it's on a VPN.

If you want the remote computers accessible via RWW, then you will need to add a second Windows Server 2003 (standard edition) to your network as a domain controller at the remote location.  You can then actually tunnel from that server to the SBS for your VPN.  You should NOT have the Zywall providing DHCP on the remote network... DHCP does much more than just an IP Addresses... they should be getting their networking info from the SBS.

See http://sbsurl.com/multiserver for various solutions to your situation.

Jeff
TechSoEasy
0
 

Author Comment

by:hardlines
ID: 16894471
Jeff,

Problem is solved.  I added the subnet 10.112.14.0 to IIS for the default website.

(Thanks to Marina over on http://www.smallbizserver.net)
Properties of the Default Website, tab Directory Security, IP restrictions, add the remote subdomain.  

I recommend being careful not to restrict access to just the local and remote networks though - as then you'll lose access from home (like I did, by accident) when you implement the fix for the remote office! ;-)

I have a site to site VPN (Tunnel) in place between the two locations - but no companyweb and no /connectcomputer was driving me crazy, as the main office relies on Sharepoint.

Anyway, all solved.  Thanks for your response.

Aaron
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17582877
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now