Solved

Force Logon Server Change via PPTP VPN

Posted on 2013-01-28
7
1,158 Views
Last Modified: 2013-01-29
Hi,

We have recently migrated a 2003 sbs to 2008 r2 and the mailboxes to exchange 2010, and we are having a problem with our remote users who connect to the domain via cached profile and then make a VPN connection to the netwrok using a PPTP to a CYBERGUARD router to recieve their exchange emails.

Our problem is that there machines currently are looking for a DC that no longer exist as it has been migrated.
So when i open a CMD prompt and type 'set logonserver' its refernecing the wrong DC.

Is there a way to force these remote machines to use the correct logon server?

Any help on this would be greatly appreciated

Cheers

Matt
0
Comment
Question by:YellowbusTeam
  • 4
  • 3
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38826587
Have you considered using a Windows VPN and configuring to connect to the VPN before logon.  This allows for proper authentication rather than using cached credentials.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

However, if the domain has changed as well (i.e. not just the logon server name), or it wasn't a true migration, you will need to disjoin the old domain and join the new.  You can disjoin using a local admin account and joining a workgroup, and then using the Windows VPN join the new domain using the VPN as per:
http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/
0
 

Author Comment

by:YellowbusTeam
ID: 38826748
Thanks for the post RobbWill, the domain name stayed the same the only thing that changed was the DC which basically went from svr1 to svr01.

The windows VPN would we require any special software?

And is it relativelt simple to setup?

The main issue is that we have approx 100 users who vpn remotely.

Many Thanks

Matt
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38826776
>>"The windows VPN would we require any special software? "
No, it's built into the server (RRAS) and PC.

>>"And is it relativelt simple to setup?"
Very

>>"The main issue is that we have approx 100 users who vpn remotely."
That might be a problem from a support point of view.  Though it is quite easy, especially the client end, we both know 40% of those users are going to need to be hand held through the process.

Where the domain has not changed, your approach is probably the better option.  Why is it looking for the old logon server I assume is the question.  Since the user is already logged in with cached credentials it should only be the VPN looking for the server and that should just be a configuration in the VPN client, or in the Cyberguard router VPN DHCP scope options.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:YellowbusTeam
ID: 38827133
Windows VPN is not an option at this time.

Is there a way to change it using a host file or batch file etc to change the logonserver?

Ta

Matt
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 38827177
Not than I am aware of, it is a function of the domain membership.
However it shouldn't be neccesary unless you are wanting to authenticate to the domain for logon purposes.

If connecting to reources or exchange it is more concerned with the domain controller that with authenticate that user for that resouce.  You can for example belong to one domain, and map a drive or connect to Exchnge on another domain.  You need to verify that the user and the Cyberguard VPN client are the using the correct DNS server IP, username ,and domain name.  Make sure your username is in the form  domain\username.  Also if you can configure the client add the DNS server and domain suffix to the Cyberguard VPN client.

Are you sure the VPN client is not pointing to the IP of the old DNS server?   That is a more common issue.
0
 

Author Comment

by:YellowbusTeam
ID: 38830417
Thanks Robwill,

We had forgotten to change the ip of the DNS/dhcp server and the remote machines are now syncing.

Thanks for the help
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38830933
Glad to hear you were able to resolve.
Thanks YellowbusTeam.
Cheers!
--Rob
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question