Force Logon Server Change via PPTP VPN

Hi,

We have recently migrated a 2003 sbs to 2008 r2 and the mailboxes to exchange 2010, and we are having a problem with our remote users who connect to the domain via cached profile and then make a VPN connection to the netwrok using a PPTP to a CYBERGUARD router to recieve their exchange emails.

Our problem is that there machines currently are looking for a DC that no longer exist as it has been migrated.
So when i open a CMD prompt and type 'set logonserver' its refernecing the wrong DC.

Is there a way to force these remote machines to use the correct logon server?

Any help on this would be greatly appreciated

Cheers

Matt
YellowbusTeamAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Rob WilliamsConnect With a Mentor Commented:
Not than I am aware of, it is a function of the domain membership.
However it shouldn't be neccesary unless you are wanting to authenticate to the domain for logon purposes.

If connecting to reources or exchange it is more concerned with the domain controller that with authenticate that user for that resouce.  You can for example belong to one domain, and map a drive or connect to Exchnge on another domain.  You need to verify that the user and the Cyberguard VPN client are the using the correct DNS server IP, username ,and domain name.  Make sure your username is in the form  domain\username.  Also if you can configure the client add the DNS server and domain suffix to the Cyberguard VPN client.

Are you sure the VPN client is not pointing to the IP of the old DNS server?   That is a more common issue.
0
 
Rob WilliamsCommented:
Have you considered using a Windows VPN and configuring to connect to the VPN before logon.  This allows for proper authentication rather than using cached credentials.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

However, if the domain has changed as well (i.e. not just the logon server name), or it wasn't a true migration, you will need to disjoin the old domain and join the new.  You can disjoin using a local admin account and joining a workgroup, and then using the Windows VPN join the new domain using the VPN as per:
http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/
0
 
YellowbusTeamAuthor Commented:
Thanks for the post RobbWill, the domain name stayed the same the only thing that changed was the DC which basically went from svr1 to svr01.

The windows VPN would we require any special software?

And is it relativelt simple to setup?

The main issue is that we have approx 100 users who vpn remotely.

Many Thanks

Matt
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
Rob WilliamsCommented:
>>"The windows VPN would we require any special software? "
No, it's built into the server (RRAS) and PC.

>>"And is it relativelt simple to setup?"
Very

>>"The main issue is that we have approx 100 users who vpn remotely."
That might be a problem from a support point of view.  Though it is quite easy, especially the client end, we both know 40% of those users are going to need to be hand held through the process.

Where the domain has not changed, your approach is probably the better option.  Why is it looking for the old logon server I assume is the question.  Since the user is already logged in with cached credentials it should only be the VPN looking for the server and that should just be a configuration in the VPN client, or in the Cyberguard router VPN DHCP scope options.
0
 
YellowbusTeamAuthor Commented:
Windows VPN is not an option at this time.

Is there a way to change it using a host file or batch file etc to change the logonserver?

Ta

Matt
0
 
YellowbusTeamAuthor Commented:
Thanks Robwill,

We had forgotten to change the ip of the DNS/dhcp server and the remote machines are now syncing.

Thanks for the help
0
 
Rob WilliamsCommented:
Glad to hear you were able to resolve.
Thanks YellowbusTeam.
Cheers!
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.