
SonicWALL Global VPN Client Issue: Could not find domain controller for this domain

Asked by Masterrer (Lithuania)
Tags: VPN, DHCP, Windows Server 2008
Hi guys.

I'm having an issue that I need to resolve ASAP. I've been up till 3am trying to figure out what's wrong; hope you can help.

I'm trying to connect a Windows 7 Enterprise client to a 2008 R2 domain controller via VPN using SonicWALL GVC v4.2.6.0305, RADIUS and DHCP pass-through.

I am able to connect to the router, authenticate using domain user credentials, and receive the correct IP, gateway and DNS.

But I am unable to ping any IP on the domain network except the gateway.

Here is a sample log for the SonicWALL client:
 01:57:14:821	<local host>	The connection "xxxxx.net" has been enabled.
 01:57:17:535	xxx.59.13.178	Starting ISAKMP phase 1 negotiation.
 01:57:17:675	xxx.59.13.178	Starting aggressive mode phase 1 exchange.
 01:57:17:675	xxx.59.13.178	NAT Detected: Local host is behind a NAT device.
 01:57:17:675	xxx.59.13.178	The SA lifetime for phase 1 is 28800 seconds.
 01:57:17:675	xxx.59.13.178	Phase 1 has completed.
 01:57:17:784	xxx.59.13.178	Received XAuth request.
 01:57:17:784	xxx.59.13.178	XAuth has requested a username but one has not yet been specified.
 01:57:17:784	xxx.59.13.178	Sending phase 1 delete.
 01:57:17:784	xxx.59.13.178	User authentication information is needed to complete the connection.
 01:57:17:816	<local host>	An incoming ISAKMP packet from xxx.59.13.178 was ignored.
 01:57:25:958	xxx.59.13.178	Starting ISAKMP phase 1 negotiation.
 01:57:26:192	xxx.59.13.178	Starting aggressive mode phase 1 exchange.
 01:57:26:192	xxx.59.13.178	NAT Detected: Local host is behind a NAT device.
 01:57:26:192	xxx.59.13.178	The SA lifetime for phase 1 is 28800 seconds.
 01:57:26:192	xxx.59.13.178	Phase 1 has completed.
 01:57:26:270	xxx.59.13.178	Received XAuth request.
 01:57:26:270	xxx.59.13.178	Sending XAuth reply.
 01:57:26:286	xxx.59.13.178	Received initial contact notify.
 01:57:26:364	xxx.59.13.178	Received XAuth status.
 01:57:26:364	xxx.59.13.178	Sending XAuth acknowledgement.
 01:57:26:364	xxx.59.13.178	User authentication has succeeded.
 01:57:26:442	xxx.59.13.178	Received request for policy version.
 01:57:26:442	xxx.59.13.178	Sending policy version reply.
 01:57:26:520	xxx.59.13.178	Received policy change is not required.
 01:57:26:520	xxx.59.13.178	Sending policy acknowledgement.
 01:57:26:520	xxx.59.13.178	The configuration for the connection is up to date.
 01:57:26:582	xxx.59.13.178	Starting ISAKMP phase 2 negotiation with 172.20.40.0/255.255.255.0:BOOTPC:BOOTPS:UDP.
 01:57:26:582	xxx.59.13.178	Starting quick mode phase 2 exchange.
 01:57:26:769	xxx.59.13.178	The SA lifetime for phase 2 is 28800 seconds.
 01:57:26:769	xxx.59.13.178	Phase 2 with 172.20.40.0/255.255.255.0:BOOTPC:BOOTPS:UDP has completed.
 01:57:27:019	<local host>	Renewing IP address for the virtual interface (00-60-73-2F-68-56).
 01:57:27:518	<local host>	The virtual interface has been added to the system with IP address 172.20.40.122.
 01:57:27:596	<local host>	The system ARP cache has been flushed.
 01:57:27:674	xxx.59.13.178	NetWkstaUserGetInfo returned: user: klamsr, logon domain: XXXXX, logon server: SKLA-DC01
 01:57:42:306	xxx.59.13.178	NetGetDCName failed: Could not find domain controller for this domain.

I then made a reservation on the DHCP to give a specific IP to the VPN virtual MAC, and the connection went through, and I could ping and see all network computers. Here is the log:
  02:00:58:902	<local host>	The connection "xxxxx.net" has been enabled.
 02:01:01:663	xxx.59.13.178	Starting ISAKMP phase 1 negotiation.
 02:01:01:788	xxx.59.13.178	Starting aggressive mode phase 1 exchange.
 02:01:01:788	xxx.59.13.178	NAT Detected: Local host is behind a NAT device.
 02:01:01:788	xxx.59.13.178	The SA lifetime for phase 1 is 28800 seconds.
 02:01:01:788	xxx.59.13.178	Phase 1 has completed.
 02:01:01:866	xxx.59.13.178	Received XAuth request.
 02:01:01:866	xxx.59.13.178	XAuth has requested a username but one has not yet been specified.
 02:01:01:866	xxx.59.13.178	Sending phase 1 delete.
 02:01:01:866	xxx.59.13.178	User authentication information is needed to complete the connection.
 02:01:01:913	<local host>	An incoming ISAKMP packet from xxx.59.13.178 was ignored.
 02:01:08:433	xxx.59.13.178	Starting ISAKMP phase 1 negotiation.
 02:01:08:652	xxx.59.13.178	Starting aggressive mode phase 1 exchange.
 02:01:08:652	xxx.59.13.178	NAT Detected: Local host is behind a NAT device.
 02:01:08:652	xxx.59.13.178	The SA lifetime for phase 1 is 28800 seconds.
 02:01:08:652	xxx.59.13.178	Phase 1 has completed.
 02:01:08:714	xxx.59.13.178	Received XAuth request.
 02:01:08:714	xxx.59.13.178	Sending XAuth reply.
 02:01:08:730	xxx.59.13.178	Received initial contact notify.
 02:01:08:808	xxx.59.13.178	Received XAuth status.
 02:01:08:808	xxx.59.13.178	Sending XAuth acknowledgement.
 02:01:08:808	xxx.59.13.178	User authentication has succeeded.
 02:01:08:886	xxx.59.13.178	Received request for policy version.
 02:01:08:886	xxx.59.13.178	Sending policy version reply.
 02:01:08:964	xxx.59.13.178	Received policy change is not required.
 02:01:08:964	xxx.59.13.178	Sending policy acknowledgement.
 02:01:08:964	xxx.59.13.178	The configuration for the connection is up to date.
 02:01:09:042	xxx.59.13.178	Starting ISAKMP phase 2 negotiation with 172.20.40.0/255.255.255.0:BOOTPC:BOOTPS:UDP.
 02:01:09:042	xxx.59.13.178	Starting quick mode phase 2 exchange.
 02:01:09:198	xxx.59.13.178	The SA lifetime for phase 2 is 28800 seconds.
 02:01:09:198	xxx.59.13.178	Phase 2 with 172.20.40.0/255.255.255.0:BOOTPC:BOOTPS:UDP has completed.
 02:01:09:369	<local host>	Renewing IP address for the virtual interface (00-60-73-2F-68-56).
 02:01:11:616	<local host>	The virtual interface has been added to the system with IP address 172.20.40.200.
 02:01:11:725	<local host>	The system ARP cache has been flushed.
 02:01:11:943	xxx.59.13.178	NetWkstaUserGetInfo returned: user: klamsr, logon domain: XXXXX, logon server: SKLA-DC01
 02:01:26:950	xxx.59.13.178	NetGetDCName failed: Could not find domain controller for this domain.
 02:01:31:022	xxx.59.13.178	NetUserGetInfo returned: home dir: F:, remote dir: \\kla-dc-01\martin, logon script: logon.bat

As you can see in the last line, it resolved the homedir, but after disconnecting and connecting again the problem returned.