Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1185
  • Last Modified:

Force Logon Server Change via PPTP VPN

Hi,

We have recently migrated a 2003 sbs to 2008 r2 and the mailboxes to exchange 2010, and we are having a problem with our remote users who connect to the domain via cached profile and then make a VPN connection to the netwrok using a PPTP to a CYBERGUARD router to recieve their exchange emails.

Our problem is that there machines currently are looking for a DC that no longer exist as it has been migrated.
So when i open a CMD prompt and type 'set logonserver' its refernecing the wrong DC.

Is there a way to force these remote machines to use the correct logon server?

Any help on this would be greatly appreciated

Cheers

Matt
0
YellowbusTeam
Asked:
YellowbusTeam
  • 4
  • 3
1 Solution
 
Rob WilliamsCommented:
Have you considered using a Windows VPN and configuring to connect to the VPN before logon.  This allows for proper authentication rather than using cached credentials.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

However, if the domain has changed as well (i.e. not just the logon server name), or it wasn't a true migration, you will need to disjoin the old domain and join the new.  You can disjoin using a local admin account and joining a workgroup, and then using the Windows VPN join the new domain using the VPN as per:
http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/
0
 
YellowbusTeamAuthor Commented:
Thanks for the post RobbWill, the domain name stayed the same the only thing that changed was the DC which basically went from svr1 to svr01.

The windows VPN would we require any special software?

And is it relativelt simple to setup?

The main issue is that we have approx 100 users who vpn remotely.

Many Thanks

Matt
0
 
Rob WilliamsCommented:
>>"The windows VPN would we require any special software? "
No, it's built into the server (RRAS) and PC.

>>"And is it relativelt simple to setup?"
Very

>>"The main issue is that we have approx 100 users who vpn remotely."
That might be a problem from a support point of view.  Though it is quite easy, especially the client end, we both know 40% of those users are going to need to be hand held through the process.

Where the domain has not changed, your approach is probably the better option.  Why is it looking for the old logon server I assume is the question.  Since the user is already logged in with cached credentials it should only be the VPN looking for the server and that should just be a configuration in the VPN client, or in the Cyberguard router VPN DHCP scope options.
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
YellowbusTeamAuthor Commented:
Windows VPN is not an option at this time.

Is there a way to change it using a host file or batch file etc to change the logonserver?

Ta

Matt
0
 
Rob WilliamsCommented:
Not than I am aware of, it is a function of the domain membership.
However it shouldn't be neccesary unless you are wanting to authenticate to the domain for logon purposes.

If connecting to reources or exchange it is more concerned with the domain controller that with authenticate that user for that resouce.  You can for example belong to one domain, and map a drive or connect to Exchnge on another domain.  You need to verify that the user and the Cyberguard VPN client are the using the correct DNS server IP, username ,and domain name.  Make sure your username is in the form  domain\username.  Also if you can configure the client add the DNS server and domain suffix to the Cyberguard VPN client.

Are you sure the VPN client is not pointing to the IP of the old DNS server?   That is a more common issue.
0
 
YellowbusTeamAuthor Commented:
Thanks Robwill,

We had forgotten to change the ip of the DNS/dhcp server and the remote machines are now syncing.

Thanks for the help
0
 
Rob WilliamsCommented:
Glad to hear you were able to resolve.
Thanks YellowbusTeam.
Cheers!
--Rob
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now