How can I get GPOs updated through the VPN
Posted on 2009-02-18
Half our organization uses VPN (CheckPoint) to access the internal network and all their stuff. The users are logging locally first (XP SP3) and then running the VPN connection through any Internet connection available (DSL, cable, WiFi, company AirCard..). We don't use the Secure Domain Logon feature from CheckPoint (previous VPN connection to the AD login), since it was way too slow, even with very basic login scripts. I need to ensure that somehow I am able to ensure that the GPOs get updated on all those VPN connected computers.
Everytime I try to run a "gpupdate /force" the CMD output says it is done but the Event Viewer says there was a problem trying to get the domain controller name:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
And no GPO gets updated at all.
I was thinking about adding a post-script on the VPN connection that would trigger a gpupdate for that workstation once it gets connectivity with the AD DCs.
I have confirmed that the DC is able to ping the VPN IP of the computer, but I have also noticed that if the DC tries to get back to the computer using the hostname of the computer, the IP that gets from the DNS is the old (last used) LAN IP, and not the current VPN IP, so there is no reply.
Could you please send some ideas about how to tackle this? Thanks a lot in advance.