Cannot authenticate to domain over Site-to-site VPN

We have moved a company into two locations and I have 2 Untangle routers providing a site-to-site VPN.

Having trouble logging in as accounts are not authenticating against domain controller (Windows SBS 2008).  However, the networks communicate fine.  I can ping and access shares on both locations.

Server network is 192.168.0.x
On location is 192.168.11.x

Cached users can log in, but if I go to \\(serverIP) it resolves, but only shares that are public are seen, not shares only seen by Domain Users.

What am I doing wrong that computers on the 192.168.11.x networks don't authenticate?

joelsplace Commented:
Your DNS is probably not set to the login server.

rwohleber (Author) Commented:
When I log onto my cached account (the administration account) I now see the shares (hardcoded one machine to primary as the SBS, secondary my local router).

When I log on with other users, I get "You cannot log on because the logon method you are using is not allowed on this computer.  Please see your network administrator for more information."

joelsplace Commented:
Have you tried gpupdate /force?
Anything helpful in the event log?
 
rwohleber (Author) Commented:
Before trying that, I set Domain Users to local admin on my test machine; the user is now logging in (slowly).  Hopefully it loads eventually.

joelsplace Commented:
Are you using roaming profiles?  If so you may have some permission issues (should show up in event log) or the profile may be too large for a slow link.

rwohleber (Author) Commented:
I do have roaming profiles.  The profile will likely be large for this user but I expected better speed.  Each line is a 50Mb/5Mb and the firewall seeds 10KB/s being transferred :/

rwohleber (Author) Commented:
firewall sees**

rwohleber (Author) Commented:
Serves me right for opening my mouth, it just finished :)
 
I will try the other users (they have smaller profiles than my testing user)

Sandeshdubey Commented:
Yes, if the roaming profile size is large you will face issues, as it eats the bandwidth.

Don't use a roaming profile. Those are good for LAN users or users connected over any sort of decent broadband site link, but not much otherwise; instead you can configure folder redirection.

Reference links:
http://serverfault.com/questions/46608/best-practices-roaming-user-profiles-for-users-who-connect-via-vpn-frequently
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

rwohleber (Author) Commented:
Used host file modification to resolve.

rwohleber (Author) Commented:
This modification isn't best but was needed.  Pointed server at IP through host file.
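
A way to check the DNS point raised in this thread from a workstation on the 192.168.11.x side, added here as an example that is not part of any participant's post. The domain name and the server's host address are placeholders (neither is given in the thread), and the cmdlets used assume Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example: run on a workstation at the remote (192.168.11.x) site.
$Domain = 'example.local'   # placeholder AD DNS domain name (not given in the thread)
$DcIp   = '192.168.0.10'    # constructed address on the 192.168.0.x server network

# 1. Resolvers per interface. A resolver that does not host the AD zone (for
#    example the local router) cannot answer the DC locator queries below.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        [pscustomobject]@{
            Interface    = $_.InterfaceAlias
            DnsServers   = $_.ServerAddresses -join ', '
            NonDcServers = ($_.ServerAddresses | Where-Object { $_ -ne $DcIp }) -join ', '
        }
    } | Format-Table -AutoSize

# 2. DC locator SRV record, asked of the DC directly and of the default resolver.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($server in @($DcIp, $null)) {
    $p = @{ Name = $srv; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
    if ($server) { $p.Server = $server }
    $answer = Resolve-DnsName @p | Where-Object { $_.Type -eq 'SRV' }
    $via = if ($server) { $server } else { 'default resolver' }
    if ($answer) { "SRV via ${via}: " + ($answer.NameTarget -join ', ') }
    else         { "SRV via ${via}: NOT FOUND" }
}

# 3. TCP ports a domain logon uses across the tunnel (DNS, Kerberos, LDAP, SMB).
foreach ($port in 53, 88, 389, 445) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $port `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP $port to ${DcIp}: $ok"
}

# 4. What Netlogon's DC locator finds for the domain.
nltest /dsgetdc:$Domain
if ($LASTEXITCODE -ne 0) { "nltest could not locate a DC for $Domain" }

# 5. Active hosts-file entries, which can mask a DNS misconfiguration.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*\d' }
```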