Solved

Adding A System connected via VPN to domain.

Posted on 2009-07-14
6
193 Views
Last Modified: 2012-05-07
I have a system that I added to my domain over a VPN connection. It successfully added, but after restart when I try to login to a domain account, it says it cannot locate a domain controller (makes since since I can't run the VPN client to connect to my network until I'm actually logged into the computer) Is there a way around this? Or does the system actually need to be physically connected to my network first?
0
Comment
Question by:Methodman85
  • 2
  • 2
  • 2
6 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 24851602
Once the computer has joined a domain, there is a check box option in the logon box that allows for a dial-up connection. If you are using a Windows VPN check that box and during logon and you will be presented with a list of dial-up and/or VPN connections. Choose the appropriate VPN connection, and it will connect and authenticate before logging into the PC so that the domain is present at logon, allowing for group policy to be applied, and logon scripts executed.
0
 
LVL 1

Author Comment

by:Methodman85
ID: 24851818
And if it's not a Windows based VPN?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24851973
That option only works with Windows VPN client.
Seems to me Cisco has a similar option, though it works differently, but it is the only other I know of.

However, normally you can log onto the PC using cached credentials, and then connect the VPN. Though this allows you access to resources, it does not apply group policies or run logon scripts.
I suspect the issue is that until you have logged in once to the domain, there are no cached credentials. Is it possible to set up a Windows VPN connection just long enough for one connection, or visit the site long enough to log on?

If not you can use a local non domain account, and then connect the VPN, however that negates any advantages of joining the domain, but it does allow access to reources.

0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 7

Expert Comment

by:LBizzle
ID: 24853571
System should not NEED to be connected to the network as the profile should be cached locally for instances just like this. So if the network goes down people can still accomplish some work being able to login locally.

Is the domain (Is primary Domain controller) Windows 2000 or 2003? Is the Machine XP?
0
 
LVL 7

Assisted Solution

by:LBizzle
LBizzle earned 250 total points
ID: 24853628
RobWill is correct, one of the Options of the Cisco client is a check box to launch VPN client before logging in. In the Cisco client under Options is Windows Logon Properties, there is a check box to  Enable start before login.
0
 
LVL 1

Author Comment

by:Methodman85
ID: 25024132
Thank you both.
The login couldn't be cached since there has never been a successful login, the system was remotely added to the domain, therefore after reboot was the first actual login to the domain, that's why I needed the VPN connection beforehand.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question