logon onto sbs 2003 over vpn xp pro

hi all.

i want to connect a machine at home to the office network using the vpn.

this is connecting fine. now i want to set the connection up so that when the computer boots it prompts for a login password for the domain (as if in the office) and then connects, getting the user's outlook exchange settings, file shares etc.

any ideas on how i do this please?

Create a VPN connection "for all users".  Disable the Welcome Screen.  When logging in with all options available you should see a check box "Log on using Dial-Up Networking".  Check it.  You will be prompted for VPN credentials; once the VPN is established, you will be prompted for normal XP logon credentials. Use the proper domain and domain credentials.

One problem often with VPN connectoids is that they cannot see the server for the login.  Modify the Internet Protocol properties of the VPN connection and set a DNS and WINS server address to an appropriate server on the domain network.
flynnyAuthor Commented:
hi thanks for the reply.

can you give me some more details on how to do this please. when you say create the VPN connection for all users i assume i have done this, as when i followed the connection wizard one of the bullets before finishing said share this connection with all users?

> disable the welcome screen - done from user accounts

> When logging in with all options available you should see a check box "Log on using Dial-Up Networking". - how will i get this up? i don't get these options when logging on. i simply get the user/password box; clicking more options doesn't allow me to do any more?

thanks again for all your help.
Is the machine joined to the domain?  It will need to be to do what you want to do.

To join, log in as an administrator, start the VPN connection.  Go to properties of My Computer and join it to the domain.

Reboot the computer and see if the checkbox is now there.

To simply get to file shares, Exchange etc, there is a way without using the "logon using" option and does not need to have machine joined to domain.

You will need to either set up VPN RAS on an office server or you can set up a router that is capable of authenticating through RADIUS to your DC.  In this scenario, the VPN connection sets up with your authentication with the domain.

If you simply connect the VPN as client-to-site with no server authentication, you can still access network resources, but you will be prompted for network credentials, perhaps multiple times.
flynnyAuthor Commented:
hi thanks for the replies.

yes, the VPN is setup and connected (i can see this under the connections).

however i tried adding the computer to the domain but it's saying the server cannot be found?

is there any reason why this is happening? i can't seem to ping the server either.
WRT adding computer to domain:  Sorry, the easiest way to do this is by the 2nd paragraph in my last reply.  There are ways to do it with lmhosts, but i can't seem to get that to work 3 times out of 4.

WRT not being able to ping the server.  Did you set up DNS and WINS as suggested above?  If so, then modify the Internet Protocol properties of the VPN connection and on the DNS table, fill in the box "add this domain suffix" and add the internal domain name.  Then try to ping.
flynnyAuthor Commented:
hi there i think i have.

i go to networking tab ->

internet protocol (TCP/IP) -> properties -> advanced -> DNS

here add the ip of the sbs 2003 server (i.e. in this case). now again it still connects ok

but i still cannot ping the server or join the domain.

am i missing something?

flynnyAuthor Commented:
sorry just to add i also added the sbs ip for the WINS address
Alan HardistyCo-OwnerCommented:
If you are not part of the domain, you will have to join the domain, but will have to be connected via the VPN to the server first and DNS will need to point to the server to allow the joining of the domain to work.
Once connected to the domain, you can then force the use of the Dial-Up connection at logon by following the instructions in the KB article:
The logon using Dial Up Connection box will only appear once your computer is part of the domain.
flynnyAuthor Commented:
hi thanks for the comment alan,

ok i've tried joining the domain, but it says it cannot see the domain when i try to join it.

i've connected to the server ok with the dns under the ip on the connection pointing to the ip of the server.

if theres any further information you need let me know.

Alan HardistyCo-OwnerCommented:
Are you using the same ip address range on your local lan as the office lan?  If so you need to change to a different range.
flynnyAuthor Commented:
hi thanks for the reply,

yes i have just checked and both are running on 192.168.1.xx

just to confirm before i try anything. it would be easier to change the ip range on the home machine. which i will need to do through the router.

should it just be a case of changing the ip range on the router, give it a reset and then try pinging the server again?

should i set it to say 192.168.0.xx?

once again thanks for all your support.
If your VPN connection is not being authenticated to a domain server, either by RADIUS or as a RAS VPN connection, I believe that you will need to modify your LMHOSTS file to configure the address of the domain controller, http://www.redtrianglerecords.com/lmhosts.htm.  You will also need to make sure that NETBIOS over TCP is enabled on the client VPN.
flynnyAuthor Commented:
hi thanks for that.

ok i've been on the router and changed the ip range for the home computer. so the ip range at the office is 192.168.1.xx and at home its 192.168.0.xx.

however i have tried pinging the server ip on the work network and it still isn't seeing it?

under the internet protocol (TCP/IP) Properties -> Advanced -> WINS

Enable LMHOSTS lookup is checked.
Enable NetBIOS over TCP is enabled.

going back to configuring the resolution of the domain controller do you mean i need to add an entry into the lmhosts file. e.g.

<server ip address at work>    <server name>   #PRE     #DOM:<domain name>

many thanks for your quick reply


flynnyAuthor Commented:
great restarting the machine allowed me to ping the server! great.

(this was without adding to the lmhosts file.)

Ok, nearly there now. so when i boot the machine up i get the log on screen and i log onto the domain as the user would in the office.

The final problem is that whilst the computer is connected to the network the shares and email are not connecting?

any ideas why?

thanks again for all your help alan.

Alan HardistyCo-OwnerCommented:
You need to make sure that you are pointing your local PC's DNS servers to the server or modify the lmhosts.sam file located in c:\windows\system32\drivers\etc.
Once your PC knows where the server is - you will be able to map drives happily. I always add the IP / server name to the LMHOSTS.SAM file - which speeds up access 5-fold, but DNS should do the same.
You can set the DNS servers on the TCP/IP settings of the VPN connection - this should allow you to use your local DNS when not connected - heaven forbid that you would do such a thing!

flynnyAuthor Commented:
Thanks for that.

it seemed to be a stupid error (sorry!) i needed to restart the server after allowing a vpn connection from the registered machine under server management (i changed this setting but it looks as though it didn't take effect until after the reboot.)

great ok. everything seems to be working. it is rather slow though (connecting to the mapped drive and email.)

so i assume adding the server address in the following format may speed this up?

<server ip address at work>    <server name>   #PRE     #DOM:<domain name>

is there anything else i can do to speed things up?

many thanks for all your help on this youve been a god send!

Alan HardistyCo-OwnerCommented:
The LMHOSTS.SAM modification will speed things up 5-fold.  You only need the IP and SERVERNAME in the file.
Once added, reboot, reconnect and watch the speed!
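
Added example, not part of the original thread: a small model of why the office server was unreachable while home and office were both on 192.168.1.xx. It assumes /24 masks, a VPN connection that uses the default gateway on the remote network, and a constructed server address of 192.168.1.2 (the thread does not give the real one).

```python
import ipaddress

def pick_route(dest, routes):
    """Longest-prefix match: return (network, interface) used for dest.

    routes is a list of (cidr, interface_name) pairs. Metrics are ignored;
    the most specific matching network wins, as in a real IP stack.
    """
    ip = ipaddress.ip_address(dest)
    matches = []
    for cidr, ifname in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net:
            matches.append((net, ifname))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def lans_overlap(home_lan, office_lan):
    """True when the two address ranges share any addresses."""
    return ipaddress.ip_network(home_lan).overlaps(
        ipaddress.ip_network(office_lan))

def vpn_reachable(server_ip, home_lan):
    """Model a home PC with the VPN up (assumption: default route via VPN).

    The PC has an on-link route for its own LAN plus a default route
    through the tunnel. The server is reachable only if its address is
    sent into the tunnel rather than onto the home LAN.
    """
    routes = [(home_lan, "lan"), ("0.0.0.0/0", "vpn")]
    chosen = pick_route(server_ip, routes)
    return chosen is not None and chosen[1] == "vpn"

if __name__ == "__main__":
    server = "192.168.1.2"  # constructed sample address, not from the thread
    for home in ("192.168.1.0/24", "192.168.0.0/24"):
        print(home,
              "overlaps office:", lans_overlap(home, "192.168.1.0/24"),
              "| server via VPN:", vpn_reachable(server, home))
```

With the home LAN on 192.168.1.0/24 the on-link route is more specific than the VPN default route, so packets for the server never enter the tunnel; after renumbering to 192.168.0.0/24 only the VPN route matches.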