How to set up segmented network using SonicWall and VLAN

computerconcepts
I have the need to separate the traffic from a single department.  I have a VLAN set up on a Netgear switch and the new subnet DHCPs off the SonicWall.  The DHCP scope lists the Domain Controller as DNS1 and openDNS for the other 2.  I can log in to the existing domain from a workstation that is on the new VLAN subnet but it doesn't like it.  System Event log is showing a NETLOGON error:
Log Name:      System
Source:        NETLOGON
Date:          8/5/2011 2:01:59 PM
Event ID:      5719
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      workstation.ourdomain.local
Description:
This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.


I can connect to Exchange, browse file shares but this workstation is not accessible from the original subnet.  When I go to add a domain user to my local admin group it only looks locally...the "From this location" section only lists the local PC and not the domain.  I need to be able to share files across both subnets.  

Please let me know if you need more info.  

Thanks!!!!!!!
Craig
Is the SonicWall doing the routing for you or is the Netgear? If the SonicWall, did you create an extra zone for both subnets? If so, did you open the firewall access-list to allow traffic both ways?

Oh, is the firewall on on your workstation?

Shareef

Author

Commented:
The SonicWall is handing out DHCP for the VLAN subnet only.  I have a route configured for the VLAN interface (X6) to use the X1 default GW.  SBS2008 is handling DHCP/DNS for the primary subnet. No new zones in the SonicWall. Only entries in firewall are what the SonicWall auto-configured when I set up the X6 interface (HTTPS and HTTP management LAN-LAN).

Ya know, the Windows firewall is on...what do I need to open there?  It's Win7 x64
Disable it for domain and private.
Do they have separate ip subnets?

Author

Commented:
I can't disable it, GP controlled.  I can create exclusions.  

Yes, separate subnets:
Primary = 192.168.5.x

VLAN secondary = 10.0.5.x

Author

Commented:
Anyone have any other ideas?  I added firewall rules in the SonicWall and now I can access the PC on the 10.0.5.x subnet. But I still get the authentication errors in eventlog.

I can even add my domain user account as a local admin on the 10.0.5.x PC now but still the eventlog errors.

I get the error stated above and I also get this error:
Log Name:      Microsoft-Windows-Dhcp-Client/Admin
Source:        Microsoft-Windows-Dhcp-Client
Date:          8/12/2011 11:01:27 AM
Event ID:      1002
Task Category: Address Configuration State Event
Level:         Error
Keywords:      
User:          LOCAL SERVICE
Computer:      YOURPC.yourdomain.local
Description:
The IP address lease 10.0.5.59 for the Network Card with network address 0x001FE2661B01 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" />
    <EventID>1002</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>3</Task>
    <Opcode>76</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2011-08-12T16:01:27.613200000Z" />
    <EventRecordID>37</EventRecordID>
    <Correlation />
    <Execution ProcessID="888" ThreadID="1164" />
    <Channel>Microsoft-Windows-Dhcp-Client/Admin</Channel>
    <Computer>YOURPC.yourdomain.local</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="Address1">991166474</Data>
    <Data Name="HWLength">6</Data>
    <Data Name="HWAddress">001FE2661C07</Data>
    <Data Name="Address2">0</Data>
  </EventData>
</Event>

I'm sure I just haven't set something up right but I don't know if I should start with the SonicWall or the SBS 2008 server that is the normal subnet's DC, DNS and DHCP server.
I wanted to clarify, I need PCs on both subnets to log in to the domain controller on subnet 1 (192.168.5.x)

Is that even possible?

Author

Commented:
Please close this ticket as no activity for a while.  Thanks!
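
Added example, not part of the original thread: a PowerShell 2.0-compatible check to run on the 10.0.5.x workstation that shows which of the services a domain member needs on the DC actually get through the SonicWall, and whether the Netlogon secure channel behind Event ID 5719 is healthy. The domain name comes from the event log above; the DC address is an assumption that must be supplied, since the thread never gives it.

```powershell
# Added example. Run on the 10.0.5.x workstation from an elevated PowerShell prompt.
param(
    [string]$Domain = 'ourdomain.local',               # domain name as shown in the event log
    [Parameter(Mandatory = $true)][string]$DcAddress   # assumption: IP of the DC on 192.168.5.x
)

# TCP services a domain member uses on the DC. Netlogon also needs the dynamic RPC
# range (49152-65535 by default on Server 2008) and the DC locator uses UDP 389;
# a TCP connect to these fixed ports cannot confirm either of those.
$services = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB (SYSVOL/NETLOGON shares)' },
    @{ Port = 464;  Name = 'Kerberos password change' },
    @{ Port = 3268; Name = 'Global catalog' }
)

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 2000) {
    # Returns $true only if a TCP connection completes within the timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. The DC locator SRV records must resolve through the DNS servers in the DHCP scope.
"SRV lookup for _ldap._tcp.dc._msdcs.$Domain"
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# 2. Every port below must be allowed by the SonicWall rules between the two subnets.
$results = foreach ($svc in $services) {
    New-Object PSObject -Property @{
        Port = $svc.Port; Service = $svc.Name
        Reachable = Test-TcpPort $DcAddress $svc.Port
    }
}
$results | Format-Table Port, Service, Reachable -AutoSize

# 3. State of the Netlogon secure channel that Event ID 5719 reports as failing.
"Secure channel healthy: $(Test-ComputerSecureChannel)"
```

A port that shows as unreachable points at the rule set between the X6 interface and the primary LAN, and a narrow allow rule for that service is the fix rather than disabling the Windows firewall.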
