  • Status: Solved
  • Priority: Medium
  • Security: Public

Win 7 clients cannot connect to SBS 2003 domain via VPN

Any help is welcome.

We have an office with an SBS 2003 server domain with Windows XP and Windows 7 clients connected to the domain, about 8 clients in all.

We have just set up an office in another city/town (location) which just has internet/broadband and no servers.

The problem I have is that I have moved two of the Windows 7 computers from the main office with the domain to the new office and set up VPN connections (which connect OK) to the main office SBS 2003 server.
I cannot get any of the domain stuff like network shares, a connection to Exchange or the intranet (companyweb).

I have also gone into the network ID on the Win 7 PCs and tried joining the domain and I get the following error; please see the attached Word doc.

Please note that I have no problems when I connect Windows XP to the SBS 2003 domain via VPN from the same office.

Any help would be gratefully received.

Thanks
Mark

 
error.doc
Asked: Drumbeat1966
1 Solution
 
akhalighi Commented:
- Do you have static IPs set on these machines, or are they dynamic?
- What happens if you ping the domain DNS name from the Windows 7 box?
 
pjasnos Commented:
What VPN do you use?
 
IanTh Commented:
The Windows 7 firewall is far better than the Windows XP one. Could the Windows 7 firewall be stopping it?
 
Drumbeat1966 (Author) Commented:
I have also tried joining the domain without the .local and get a slightly different error message (attached).

Thanks.
Mark

error2.doc
 
Drumbeat1966 (Author) Commented:
Hi

IPs are dynamic. Tried pinging the server name and get "ping request could not find host". Tried pinging Google, that's OK.

I am using software VPN, not hardware VPN routers.

Thanks
 
droyden Commented:
Do you use certificates for authentication as well as username/password?
 
Drumbeat1966 (Author) Commented:
Hi IanTh

I looked at the firewall and I could disable all the connections (home, public and work) but it would not let me disable the domain connection; it was greyed out even though I am logged on as administrator. The next thing I did was to remove the computer from the domain (it was joined to the domain in the main office on the local LAN, not over VPN) and try to join the domain over the VPN connection again; this removed the greyed out domain firewall entry. So now with all firewall connections disabled I am still unable to join the domain over the VPN connection. A new error message is attached.

Thanks
 
Drumbeat1966 (Author) Commented:
Hi Droyden

Not as far as I know. When a user connects to the RWW via office.mydomain.com they are just asked for a username and password.

Thanks
 
Drumbeat1966 (Author) Commented:
Sorry, file missing from above.
error3.doc
 
akhalighi Commented:
If you cannot ping the domain DNS name, it's impossible to join or use resources on that domain. First of all, the connection to the DNS server should be fixed.
 
Drumbeat1966 (Author) Commented:
Hi akhalighi

I understand that if I cannot ping the DNS name it won't work, but what is doing my head in is that a Windows XP computer in the same office is connected via VPN (I got this going the other day) and can connect to the domain network shares on the SBS 2003 server, can view the intranet and connect to the SBS 2003 Exchange server via Outlook.

Sorry, I try to be but I am not very good when it comes to this stuff, but is the domain DNS name the same as the name that appears when I right-click My Computer (System Properties), Computer Name tab, full computer name, as follows?

NOVUS-DC01.Novus-Rail.local

Thanks
 
IanTh Commented:
So your domain is novus-rail; that is not a proper domain name, so no wonder you are having problems.
 
IanTh Commented:
So you are trying to connect a remote PC via VPN to novus-rail.local. How will that work, as the remote PC's ISP doesn't know about it?
 
akhalighi Commented:

I still say it is DNS. That's all. Let's troubleshoot that.

1- Are you sure that your Windows 7 box gets the same DNS server as the XP machines?

Try ipconfig /all on an XP box and Windows 7 and paste the results.

2- Sometimes Windows 7 is unable to resolve addresses where XP can. I have the same issue here. One of the DNS names under an old OU is not getting resolved by Windows XP machines.

Edit the hosts file on the Windows 7 machine and add your domain DNS name with its IP. Then you should be able to ping it and join them to the domain.

Go under C:\Windows\System32\drivers\etc
Edit the hosts file with Notepad

# localhost name resolution is handled within DNS itself.
#      127.0.0.1       localhost
#      ::1             localhost
<IP address>       FQDN of your domain controller
<IP address>          FQDN of your Domain DNS name

Save the file and ping again. If it responds, then join it to the domain.

 
Drumbeat1966 (Author) Commented:
Hi akhalighi

As requested, please find the ipconfig/all from both machines.

Win XP:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : andycarey-pc
        Primary Dns Suffix  . . . . . . . : Novus-Rail.local
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Novus-Rail.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connec
on
        Physical Address. . . . . . . . . : 00-0F-FE-AC-78-4C
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.19.56
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.19.1
        DNS Servers . . . . . . . . . . . : 192.168.19.1

PPP adapter {DCBDA41B-6BD5-4C1E-BE1A-185015F40EEF}:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 169.254.233.19
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 169.254.233.19
        DNS Servers . . . . . . . . . . . : 192.168.16.2

C:\WINDOWS>

Win 7:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BRANCH-WKS01
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter NovusMainOffice:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NovusMainOffice
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.44.116(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 1C-6F-65-5C-33-E5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::74d4:e630:fe1a:635b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.19.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.19.1
   DHCPv6 IAID . . . . . . . . . . . : 236744549
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-FF-6B-6E-1C-6F-65-5C-33-E

   DNS Servers . . . . . . . . . . . : 192.168.19.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{364B6574-4D76-4E69-9E4A-465CB75ADC75}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3037:3fa6:5601:d38b(Pre
erred)
   Link-local IPv6 Address . . . . . : fe80::3037:3fa6:5601:d38b%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{842E88D8-BB5E-4304-8D34-DFD4C778981A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>

Meanwhile I will try the localhost.

Thanks
Mark
 
IanTh Commented:
You're not listening; it's a DNS issue. How can any PC join the domain if its DNS cannot resolve the domain name? Your domain name is Novus-Rail.local, so how will the Windows 7 machine know about Novus-Rail.local unless, as pointed out above, it has a hosts entry?
 
Drumbeat1966 (Author) Commented:
Hi

I have tried the hosts file with no luck.

Are these:

<IP address>       FQDN of your domain controller
<IP address>          FQDN of your Domain DNS name

How do I find out the FQDN of my domain controller and the FQDN Domain DNS name? Is the IP address of my domain controller and DNS name the public IP address my ISP gave me, and how do I check with the ping command?

Thanks
 
IanTh Commented:
If your domain does not have a domain name, and nuvus-rail.local isn't one, how are you trying to connect the Windows 7 machines to the public IP address the ISP gave you? If so, is your router blocking the VPN?

Like I said, the Windows 7 firewall needs configuring for VPN, and as you're using a software VPN client, is that application configured in the Windows 7 firewall?

Also, is the remote router configured?
 
Drumbeat1966 (Author) Commented:
Hi IanTh

I am grateful for your input but as I said before I am not very good when it comes to this type of problem, so your input is not shedding any light on what I am supposed to be doing.

I can get a VPN connection to the server no problem using Win 7 or Win XP (I am connected to the SBS 2003 server), so in answer to your question the remote router and SBS 2003 server are OK and set up, otherwise I would not be able to connect.

On the Windows XP machine I connected to the remote SBS 2003 server via VPN (connection authorised and connected), then I went to the network ID properties and connected the Windows XP machine to the SBS 2003 domain remotely; works great, no problems.

On the Windows 7 machines I do exactly the same: I connect to the remote SBS 2003 server via VPN (connection authorised and connected), but when I go into the network ID properties on the Windows 7 machine, that's when I get the problem; it will not work and I get the errors listed above.

Why is the Windows XP machine OK but the Windows 7 machine says no, I am not playing? You say it may be the firewall, which I have turned off on the Windows 7 machine.

You are firing things at me but not giving me any solutions. Please do not take it the wrong way, I am grateful for your input.

If it's the firewall, it's great you are telling me, but what do I do about it?

Thanks
Mark
 
Qlemo (C++ Developer) Commented:
Mark,
After you have tried to rejoin, you provided the wrong domain name. You need to use the full domain name, NOVUS-RAIL.LOCAL, not only NOVUS-RAIL. But since you cannot contact the registered domain controller, joining the domain cannot succeed.

After all the changes it is unclear what the actual state is.

You should have the full domain name in your IP DNS settings - if not, add it manually.
Try a   nslookup -d2 -v novus-dc01.novus-rail.local    in a command prompt to see if the name can be resolved. If you know the domain DNS server's IP (it should be 192.168.16.2), add that as an additional argument to the nslookup if it does not succeed without.
If nslookup gives you a valid IP, try pinging that address.
Post back with the results, please.
0
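An added example, not part of any post in this thread: a small Python parser for `ipconfig /all` output that reports which adapters point at the internal DNS server and whether the domain appears in any DNS suffix, the two settings the reply above asks about. The sample text is a constructed excerpt shaped like the Windows 7 output posted earlier; `parse_ipconfig` and `dns_findings` are hypothetical names.

```python
import re

# Constructed excerpt in the shape of the Windows 7 `ipconfig /all` output above.
SAMPLE = """\
   Host Name . . . . . . . . . . . . : BRANCH-WKS01
   Primary Dns Suffix  . . . . . . . :

PPP adapter NovusMainOffice:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 169.254.44.116(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.16.2

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.19.44(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.19.1
"""

# "   Field name . . . . : value" (the first colon separates name and value)
FIELD = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}; the global block is keyed 'host'."""
    sections, name, last = {"host": {}}, "host", None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name, last = line.rstrip()[:-1], None      # adapter header line
            sections[name] = {}
        elif (m := FIELD.match(line)):
            last = m.group(1).strip()
            sections[name][last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif line.strip() and line[0].isspace() and last:
            sections[name][last].append(line.strip())  # e.g. a second IPv4 DNS server
    return sections

def dns_findings(text, domain, internal_dns):
    """Report the DNS settings a domain join over the VPN depends on."""
    cfg = parse_ipconfig(text)
    host = cfg.pop("host")
    suffixes = host.get("Primary Dns Suffix", []) + host.get("DNS Suffix Search List", [])
    for fields in cfg.values():
        suffixes += fields.get("Connection-specific DNS Suffix", [])
    via = [n for n, f in cfg.items() if internal_dns in f.get("DNS Servers", [])]
    return {
        "adapters_using_internal_dns": via,
        "domain_suffix_present": domain.lower() in (s.lower() for s in suffixes),
    }
```

Calling `dns_findings(SAMPLE, "Novus-Rail.local", "192.168.16.2")` shows the VPN adapter does list the internal DNS server while no suffix on the machine names the domain.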
 
IanTh Commented:
The error points to a DNS error with nuvus-rail.local. Please tell us how: nuvus-rail.local is the domain controller but it isn't a proper domain name, so how does the external client connect to the SBS 2003?
 
Qlemo (C++ Developer) Commented:
NOVUS-RAIL.LOCAL is a valid Domain Name. It is not valid in NetBIOS terms, but those restrictions have gone long ago with implementing Domain Services via DNS.
 
IanTh Commented:
If it was a valid domain name I should be able to ping it, and I can't. The error points to a DNS error with novus-rail.local.
 
Drumbeat1966 (Author) Commented:
Hi Qlemo

Setting up my VPN network connection with the DNS (192.168.16.2) was the solution I needed and works great, I am now connected to the domain over the VPN connection with network shares, Exchange outlook, but no intranet (companyweb)? I will sort out later.

Fantastic, thanks.

Mark.
 
IanTh Commented:
So it was DNS then, wasn't it?
 
IanTh Commented:
Oh heck, so how does the .local work in DNS? I have always thought it wasn't a routable domain. My DC is called mhn.local.
 
Qlemo (C++ Developer) Commented:
IanTh,

.local is a convention used for "non-routable" domains, that much is true. But like private IPs are unroutable on the Internet, .local is unroutable in public DNS. Using the DNS suffix .local is a valid and very good means to avoid private and public DNS collisions.
 
IanTh Commented:
Yes, I understand that; my domain's DNS suffix is .local. But how did the asker get his problem working if .local is not routable? His error pointed to a novus-rail.local error, which it would, as .local is not routable.
 
Qlemo (C++ Developer) Commented:
You are reading something wrong. LDAP was accessible using that domain name. This has been shown in the first error.doc. Further, the domain controller name has been found in DNS, else we would know it.

Don't stick on that "routable" part - if your DNS server is local, or you have created a forwarding entry for that zone, it is "routable" in the sense of well-known. Whenever you have to use local names you need to have a local (= non-public) DNS server as your primary DNS server.
 
IanTh Commented:
OK, I always thought that when setting up a DC you use .local if you don't have a domain name for the DC.
