Solved

Force Logon Server Change via PPTP VPN

Posted on 2013-01-28
7
1,147 Views
Last Modified: 2013-01-29
Hi,

We have recently migrated a 2003 sbs to 2008 r2 and the mailboxes to exchange 2010, and we are having a problem with our remote users who connect to the domain via cached profile and then make a VPN connection to the netwrok using a PPTP to a CYBERGUARD router to recieve their exchange emails.

Our problem is that there machines currently are looking for a DC that no longer exist as it has been migrated.
So when i open a CMD prompt and type 'set logonserver' its refernecing the wrong DC.

Is there a way to force these remote machines to use the correct logon server?

Any help on this would be greatly appreciated

Cheers

Matt
0
Comment
Question by:YellowbusTeam
  • 4
  • 3
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38826587
Have you considered using a Windows VPN and configuring to connect to the VPN before logon.  This allows for proper authentication rather than using cached credentials.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

However, if the domain has changed as well (i.e. not just the logon server name), or it wasn't a true migration, you will need to disjoin the old domain and join the new.  You can disjoin using a local admin account and joining a workgroup, and then using the Windows VPN join the new domain using the VPN as per:
http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/
0
 

Author Comment

by:YellowbusTeam
ID: 38826748
Thanks for the post RobbWill, the domain name stayed the same the only thing that changed was the DC which basically went from svr1 to svr01.

The windows VPN would we require any special software?

And is it relativelt simple to setup?

The main issue is that we have approx 100 users who vpn remotely.

Many Thanks

Matt
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38826776
>>"The windows VPN would we require any special software? "
No, it's built into the server (RRAS) and PC.

>>"And is it relativelt simple to setup?"
Very

>>"The main issue is that we have approx 100 users who vpn remotely."
That might be a problem from a support point of view.  Though it is quite easy, especially the client end, we both know 40% of those users are going to need to be hand held through the process.

Where the domain has not changed, your approach is probably the better option.  Why is it looking for the old logon server I assume is the question.  Since the user is already logged in with cached credentials it should only be the VPN looking for the server and that should just be a configuration in the VPN client, or in the Cyberguard router VPN DHCP scope options.
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 

Author Comment

by:YellowbusTeam
ID: 38827133
Windows VPN is not an option at this time.

Is there a way to change it using a host file or batch file etc to change the logonserver?

Ta

Matt
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 38827177
Not than I am aware of, it is a function of the domain membership.
However it shouldn't be neccesary unless you are wanting to authenticate to the domain for logon purposes.

If connecting to reources or exchange it is more concerned with the domain controller that with authenticate that user for that resouce.  You can for example belong to one domain, and map a drive or connect to Exchnge on another domain.  You need to verify that the user and the Cyberguard VPN client are the using the correct DNS server IP, username ,and domain name.  Make sure your username is in the form  domain\username.  Also if you can configure the client add the DNS server and domain suffix to the Cyberguard VPN client.

Are you sure the VPN client is not pointing to the IP of the old DNS server?   That is a more common issue.
0
 

Author Comment

by:YellowbusTeam
ID: 38830417
Thanks Robwill,

We had forgotten to change the ip of the DNS/dhcp server and the remote machines are now syncing.

Thanks for the help
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38830933
Glad to hear you were able to resolve.
Thanks YellowbusTeam.
Cheers!
--Rob
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now