Solved

Site to Site VPN - Remote network XP machines can ping SBS Server at HQ but can't /connectcomputer

Posted on 2006-06-10
4
403 Views
Last Modified: 2010-04-19
Hi all,

I have a site to site VPN setup between a remote office (3 XP Pro boxes) and HQ (SBS Server, 8 XP Pro).  I happen to be using Zywall 5's, but I believe this problem is unrelated to the VPN Hardware.

HQ's network is: 10.112.12.x  (SBS Server is 10.112.12.10)
Remote network is: 10.112.14.x

The Zywall is handing out DHCP on the remote network - and is handing out DNS of 10.112.12.10.  The remote boxes can surf the web using the SBS DNS, but can't connect to companyweb or do /connectcomputer.  

For the solution to this issue, I have seen references to adding an IP route on the SBS box, but after an hour of googling - I'm asking for help on how to do that.  

I don't want to have each remote user (on the remote LAN) have to use the software VPN connector - I want them to be using a site to site VPN, so that they're not "remote users" but that they feel like they're on the network.  Also - I'd like the computers on the remote network to be accessible via RWW - which also necessitates the site to site VPN.

Thanks much!

Aaron Booker
0
Comment
Question by:hardlines
4 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16880501
connectcomputer will not run over a VPN connection by design.  The reason for this is that part of connectcomputer's function is to upgrade a workstation to the latest service pack as well as installing software as assigned to workstations.  This could be a lengthy process if it was done remotely, so they've disabled it's funcitonality.

There is a workaround posted at www.smallbizserver.net:  http://www.smallbizserver.net/Default.aspx?tabid=266&ArticleType=ArticleView&ArticleID=83&PageID=89

However, you can also create a VPN Tunnel (Router to Router) which would allow it as well, because then it doesn't know it's on a VPN.

If you want the remote computers accessible via RWW, then you will need to add a second Windows Server 2003 (standard edition) to your network as a domain controller at the remote location.  You can then actually tunnel from that server to the SBS for your VPN.  You should NOT have the Zywall providing DHCP on the remote network... DHCP does much more than just an IP Addresses... they should be getting their networking info from the SBS.

See http://sbsurl.com/multiserver for various solutions to your situation.

Jeff
TechSoEasy
0
 

Author Comment

by:hardlines
ID: 16894471
Jeff,

Problem is solved.  I added the subnet 10.112.14.0 to IIS for the default website.

(Thanks to Marina over on http://www.smallbizserver.net)
Properties of the Default Website, tab Directory Security, IP restrictions, add the remote subdomain.  

I recommend being careful not to restrict access to just the local and remote networks though - as then you'll lose access from home (like I did, by accident) when you implement the fix for the remote office! ;-)

I have a site to site VPN (Tunnel) in place between the two locations - but no companyweb and no /connectcomputer was driving me crazy, as the main office relies on Sharepoint.

Anyway, all solved.  Thanks for your response.

Aaron
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17582877
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question