Solved

Server 2008 R2 does not issue DHCP when connecting from outside the office

Posted on 2011-09-14
10
974 Views
Last Modified: 2012-08-13
Problem Description:
Client running Windows 7 Enterprise connects to Server 2008 R2 (DC, DHCP, DNS, NPS roles) via Sonicwall VPN, but does not receive DHCP from the server

The Sonicwall VPN is configured to authenticate users via RADIUS and relay DHCP requests to the DC.

RADIUS authentication works just fine.
DHCP has only one scope, and should hand out IP from the same pool as the local office.

My thoughts:
This exact setup used to work just fine on the old 2003 sever, which makes me suspect the issue lies in the DC.

Any suggestions on how to troubleshoot this are welcome
If you need any additional info just ask.

P.S. I tried to make a reservation for the virtual VPN MAC on the server, it had no effect.
0
Comment
Question by:Masterrer
  • 5
  • 5
10 Comments
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36535900
are you sure you configuring correct option ?

check the fallowing sonicwall document to re verify your setup

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=TN&id=41
0
 

Author Comment

by:Masterrer
ID: 36536031
The document is very outdated, the settings and options described there either no longer exist or have been renamed or moved, but still the answer is Yes.

I am pretty sure the issue is not in the Sonicwall. But if you can can tell me how to troubleshoot, and pin point the problem I'm listening.
I have tried packet capture, but making sense of it is difficult to me.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536364
i expect it can be problem with fallowing component

check Sonicwall configuration  with DHCP relay if option is enabled , DHCP server is accessible for  Sonicwall and DHCP ports are open for VPN client (546 DHCP Client,547 DHCP Server )
0
 

Author Comment

by:Masterrer
ID: 36536453
I have performed some paket capture, on the Client and on the router:

After establishing the VPN connection, client sends a DHCP Discover Packet to the router
Router receives that packet and reports it as FORWARDED, it does not however state where it is being forwarded, and I don't see any option on the router to trace it further

DHCP relay is enabled, I don't know how to check if the sonicwall sees the DHCP server, should I ping a specific port from the sonicwall?

The firewall on the client is disabled, but I will try to manually add the ports you mentioned.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536630
i am not sure if you have such option in sonicwall to ping a IP based on port so check if you able to do this !

else i recommend to use your laptop connect to the same network cable/network port  wear your sonicwall  is connected , and check if you able to see port 547 open from your DHCP server via some network Port scanner  !

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Masterrer
ID: 36537902
unfortunately there is no option to ping a specific port with sonicwall

What i did notice though:
Sonicwall has a local IP of 172.20.40.1
DHCP Server  has an IP of 172.20.40.10

When I set the sonicwall to forward DHCP requests to 172.20.40.10 the VPN client does not recieve an IP

but if I specify sonicwall to use a relay IP address 172.20.40.200 the VPN client does recieve an IP of 172.20.40.100, though it reports "could not find domain controller for this domain" (but that's not as important, because the relay should not be used in my configuration)

Also the arp table on the dhcp server reports
sonicwall LAN mac:   172.20.40.1
same as above:         172.20.40.200
sonicwall WAN mac:  172.20.40.100

The DHCP console however lists the 172.20.40.100 as having the MAC of the VPN clients NIC not the sonicwall WAN mac.

I don't know what to make of this...
0
 
LVL 8

Assisted Solution

by:Amitabh Singh
Amitabh Singh earned 100 total points
ID: 36558923
i think its a problem of network masking , what network mask are you using for this network ?

are you using subnetting ?
           network IP                          Valid IP                                     Broadcast IP             Next network start
/25      172.20.40.0 -         172.20.40.1 to 172.20.40.127             172.20.40.128            172.20.40.129
/26      172.20.40.0            172.20.40.1 to 172.20.40.191             172.20.40.192           172.20.40.193

if you using subnetting and mask like show in the list then because of that VPN clients are getting IP  when your public network because differ from your private network , if this is the problem you able to use any IP from next network and it will start work , Example use IP 172.20.40.130 if you using subnet mask 255.255.255.128 or 172.20.40.194 if you using subnet mask 255.255.255.192, it will work ,  if this was the problem in your case then you need to re dissension your IP teleology ;)
0
 

Accepted Solution

by:
Masterrer earned 0 total points
ID: 36915635
The problem was in the Sonicwall User Permissions,
RADIUS users did not have permissions to access other subnets

Thanks for the help!
0
 

Author Closing Comment

by:Masterrer
ID: 36941014
The problem was in router config, not DHCP settings
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36915660
good to know your problem resolved
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Let’s list some of the technologies that enable smooth teleworking. 
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now