Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1030
  • Last Modified:

Server 2008 R2 does not issue DHCP when connecting from outside the office

Problem Description:
Client running Windows 7 Enterprise connects to Server 2008 R2 (DC, DHCP, DNS, NPS roles) via Sonicwall VPN, but does not receive DHCP from the server

The Sonicwall VPN is configured to authenticate users via RADIUS and relay DHCP requests to the DC.

RADIUS authentication works just fine.
DHCP has only one scope, and should hand out IP from the same pool as the local office.

My thoughts:
This exact setup used to work just fine on the old 2003 sever, which makes me suspect the issue lies in the DC.

Any suggestions on how to troubleshoot this are welcome
If you need any additional info just ask.

P.S. I tried to make a reservation for the virtual VPN MAC on the server, it had no effect.
0
Masterrer
Asked:
Masterrer
  • 5
  • 5
2 Solutions
 
Amitabh SinghAWS Certified Solution Architect | L3 IT Specialist for CloudCommented:
are you sure you configuring correct option ?

check the fallowing sonicwall document to re verify your setup

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=TN&id=41
0
 
MasterrerAuthor Commented:
The document is very outdated, the settings and options described there either no longer exist or have been renamed or moved, but still the answer is Yes.

I am pretty sure the issue is not in the Sonicwall. But if you can can tell me how to troubleshoot, and pin point the problem I'm listening.
I have tried packet capture, but making sense of it is difficult to me.
0
 
Amitabh SinghAWS Certified Solution Architect | L3 IT Specialist for CloudCommented:
i expect it can be problem with fallowing component

check Sonicwall configuration  with DHCP relay if option is enabled , DHCP server is accessible for  Sonicwall and DHCP ports are open for VPN client (546 DHCP Client,547 DHCP Server )
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
MasterrerAuthor Commented:
I have performed some paket capture, on the Client and on the router:

After establishing the VPN connection, client sends a DHCP Discover Packet to the router
Router receives that packet and reports it as FORWARDED, it does not however state where it is being forwarded, and I don't see any option on the router to trace it further

DHCP relay is enabled, I don't know how to check if the sonicwall sees the DHCP server, should I ping a specific port from the sonicwall?

The firewall on the client is disabled, but I will try to manually add the ports you mentioned.
0
 
Amitabh SinghAWS Certified Solution Architect | L3 IT Specialist for CloudCommented:
i am not sure if you have such option in sonicwall to ping a IP based on port so check if you able to do this !

else i recommend to use your laptop connect to the same network cable/network port  wear your sonicwall  is connected , and check if you able to see port 547 open from your DHCP server via some network Port scanner  !

0
 
MasterrerAuthor Commented:
unfortunately there is no option to ping a specific port with sonicwall

What i did notice though:
Sonicwall has a local IP of 172.20.40.1
DHCP Server  has an IP of 172.20.40.10

When I set the sonicwall to forward DHCP requests to 172.20.40.10 the VPN client does not recieve an IP

but if I specify sonicwall to use a relay IP address 172.20.40.200 the VPN client does recieve an IP of 172.20.40.100, though it reports "could not find domain controller for this domain" (but that's not as important, because the relay should not be used in my configuration)

Also the arp table on the dhcp server reports
sonicwall LAN mac:   172.20.40.1
same as above:         172.20.40.200
sonicwall WAN mac:  172.20.40.100

The DHCP console however lists the 172.20.40.100 as having the MAC of the VPN clients NIC not the sonicwall WAN mac.

I don't know what to make of this...
0
 
Amitabh SinghAWS Certified Solution Architect | L3 IT Specialist for CloudCommented:
i think its a problem of network masking , what network mask are you using for this network ?

are you using subnetting ?
           network IP                          Valid IP                                     Broadcast IP             Next network start
/25      172.20.40.0 -         172.20.40.1 to 172.20.40.127             172.20.40.128            172.20.40.129
/26      172.20.40.0            172.20.40.1 to 172.20.40.191             172.20.40.192           172.20.40.193

if you using subnetting and mask like show in the list then because of that VPN clients are getting IP  when your public network because differ from your private network , if this is the problem you able to use any IP from next network and it will start work , Example use IP 172.20.40.130 if you using subnet mask 255.255.255.128 or 172.20.40.194 if you using subnet mask 255.255.255.192, it will work ,  if this was the problem in your case then you need to re dissension your IP teleology ;)
0
 
MasterrerAuthor Commented:
The problem was in the Sonicwall User Permissions,
RADIUS users did not have permissions to access other subnets

Thanks for the help!
0
 
MasterrerAuthor Commented:
The problem was in router config, not DHCP settings
0
 
Amitabh SinghAWS Certified Solution Architect | L3 IT Specialist for CloudCommented:
good to know your problem resolved
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now