Solved

Server 2008 R2 does not issue DHCP when connecting from outside the office

Posted on 2011-09-14
10
985 Views
Last Modified: 2012-08-13
Problem Description:
Client running Windows 7 Enterprise connects to Server 2008 R2 (DC, DHCP, DNS, NPS roles) via Sonicwall VPN, but does not receive DHCP from the server

The Sonicwall VPN is configured to authenticate users via RADIUS and relay DHCP requests to the DC.

RADIUS authentication works just fine.
DHCP has only one scope, and should hand out IP from the same pool as the local office.

My thoughts:
This exact setup used to work just fine on the old 2003 sever, which makes me suspect the issue lies in the DC.

Any suggestions on how to troubleshoot this are welcome
If you need any additional info just ask.

P.S. I tried to make a reservation for the virtual VPN MAC on the server, it had no effect.
0
Comment
Question by:Masterrer
  • 5
  • 5
10 Comments
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36535900
are you sure you configuring correct option ?

check the fallowing sonicwall document to re verify your setup

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=TN&id=41
0
 

Author Comment

by:Masterrer
ID: 36536031
The document is very outdated, the settings and options described there either no longer exist or have been renamed or moved, but still the answer is Yes.

I am pretty sure the issue is not in the Sonicwall. But if you can can tell me how to troubleshoot, and pin point the problem I'm listening.
I have tried packet capture, but making sense of it is difficult to me.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536364
i expect it can be problem with fallowing component

check Sonicwall configuration  with DHCP relay if option is enabled , DHCP server is accessible for  Sonicwall and DHCP ports are open for VPN client (546 DHCP Client,547 DHCP Server )
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Masterrer
ID: 36536453
I have performed some paket capture, on the Client and on the router:

After establishing the VPN connection, client sends a DHCP Discover Packet to the router
Router receives that packet and reports it as FORWARDED, it does not however state where it is being forwarded, and I don't see any option on the router to trace it further

DHCP relay is enabled, I don't know how to check if the sonicwall sees the DHCP server, should I ping a specific port from the sonicwall?

The firewall on the client is disabled, but I will try to manually add the ports you mentioned.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536630
i am not sure if you have such option in sonicwall to ping a IP based on port so check if you able to do this !

else i recommend to use your laptop connect to the same network cable/network port  wear your sonicwall  is connected , and check if you able to see port 547 open from your DHCP server via some network Port scanner  !

0
 

Author Comment

by:Masterrer
ID: 36537902
unfortunately there is no option to ping a specific port with sonicwall

What i did notice though:
Sonicwall has a local IP of 172.20.40.1
DHCP Server  has an IP of 172.20.40.10

When I set the sonicwall to forward DHCP requests to 172.20.40.10 the VPN client does not recieve an IP

but if I specify sonicwall to use a relay IP address 172.20.40.200 the VPN client does recieve an IP of 172.20.40.100, though it reports "could not find domain controller for this domain" (but that's not as important, because the relay should not be used in my configuration)

Also the arp table on the dhcp server reports
sonicwall LAN mac:   172.20.40.1
same as above:         172.20.40.200
sonicwall WAN mac:  172.20.40.100

The DHCP console however lists the 172.20.40.100 as having the MAC of the VPN clients NIC not the sonicwall WAN mac.

I don't know what to make of this...
0
 
LVL 8

Assisted Solution

by:Amitabh Singh
Amitabh Singh earned 100 total points
ID: 36558923
i think its a problem of network masking , what network mask are you using for this network ?

are you using subnetting ?
           network IP                          Valid IP                                     Broadcast IP             Next network start
/25      172.20.40.0 -         172.20.40.1 to 172.20.40.127             172.20.40.128            172.20.40.129
/26      172.20.40.0            172.20.40.1 to 172.20.40.191             172.20.40.192           172.20.40.193

if you using subnetting and mask like show in the list then because of that VPN clients are getting IP  when your public network because differ from your private network , if this is the problem you able to use any IP from next network and it will start work , Example use IP 172.20.40.130 if you using subnet mask 255.255.255.128 or 172.20.40.194 if you using subnet mask 255.255.255.192, it will work ,  if this was the problem in your case then you need to re dissension your IP teleology ;)
0
 

Accepted Solution

by:
Masterrer earned 0 total points
ID: 36915635
The problem was in the Sonicwall User Permissions,
RADIUS users did not have permissions to access other subnets

Thanks for the help!
0
 

Author Closing Comment

by:Masterrer
ID: 36941014
The problem was in router config, not DHCP settings
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36915660
good to know your problem resolved
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question