?
Solved

Force Logon Server Change via PPTP VPN

Posted on 2013-01-28
7
Medium Priority
?
1,192 Views
Last Modified: 2013-01-29
Hi,

We have recently migrated a 2003 sbs to 2008 r2 and the mailboxes to exchange 2010, and we are having a problem with our remote users who connect to the domain via cached profile and then make a VPN connection to the netwrok using a PPTP to a CYBERGUARD router to recieve their exchange emails.

Our problem is that there machines currently are looking for a DC that no longer exist as it has been migrated.
So when i open a CMD prompt and type 'set logonserver' its refernecing the wrong DC.

Is there a way to force these remote machines to use the correct logon server?

Any help on this would be greatly appreciated

Cheers

Matt
0
Comment
Question by:YellowbusTeam
  • 4
  • 3
7 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38826587
Have you considered using a Windows VPN and configuring to connect to the VPN before logon.  This allows for proper authentication rather than using cached credentials.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

However, if the domain has changed as well (i.e. not just the logon server name), or it wasn't a true migration, you will need to disjoin the old domain and join the new.  You can disjoin using a local admin account and joining a workgroup, and then using the Windows VPN join the new domain using the VPN as per:
http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/
0
 

Author Comment

by:YellowbusTeam
ID: 38826748
Thanks for the post RobbWill, the domain name stayed the same the only thing that changed was the DC which basically went from svr1 to svr01.

The windows VPN would we require any special software?

And is it relativelt simple to setup?

The main issue is that we have approx 100 users who vpn remotely.

Many Thanks

Matt
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38826776
>>"The windows VPN would we require any special software? "
No, it's built into the server (RRAS) and PC.

>>"And is it relativelt simple to setup?"
Very

>>"The main issue is that we have approx 100 users who vpn remotely."
That might be a problem from a support point of view.  Though it is quite easy, especially the client end, we both know 40% of those users are going to need to be hand held through the process.

Where the domain has not changed, your approach is probably the better option.  Why is it looking for the old logon server I assume is the question.  Since the user is already logged in with cached credentials it should only be the VPN looking for the server and that should just be a configuration in the VPN client, or in the Cyberguard router VPN DHCP scope options.
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 

Author Comment

by:YellowbusTeam
ID: 38827133
Windows VPN is not an option at this time.

Is there a way to change it using a host file or batch file etc to change the logonserver?

Ta

Matt
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 38827177
Not than I am aware of, it is a function of the domain membership.
However it shouldn't be neccesary unless you are wanting to authenticate to the domain for logon purposes.

If connecting to reources or exchange it is more concerned with the domain controller that with authenticate that user for that resouce.  You can for example belong to one domain, and map a drive or connect to Exchnge on another domain.  You need to verify that the user and the Cyberguard VPN client are the using the correct DNS server IP, username ,and domain name.  Make sure your username is in the form  domain\username.  Also if you can configure the client add the DNS server and domain suffix to the Cyberguard VPN client.

Are you sure the VPN client is not pointing to the IP of the old DNS server?   That is a more common issue.
0
 

Author Comment

by:YellowbusTeam
ID: 38830417
Thanks Robwill,

We had forgotten to change the ip of the DNS/dhcp server and the remote machines are now syncing.

Thanks for the help
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38830933
Glad to hear you were able to resolve.
Thanks YellowbusTeam.
Cheers!
--Rob
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month6 days, 20 hours left to enroll

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question