Details about a VPN and computer trying to get back to the SBS 2011 standard server

I'm new to this. SBS 2011 domain at 192.168.1.0/24. There's a VPN to a remote office with IP 192.168.2.0/24.

At the remote location I am setting up a desktop. In the hosts file on this new computer, I added the server IP 192.168.1.3 pointing to server.domain.local ; server ; domain.local.

Tried running http://connect and that didn't work. I added connect as an entry in hosts and that still didn't work. I googled and found that the DNS on this new machine should point to the server, so I added that (the router at the remote location is doing DHCP and DNS normally).

Going forward, to be able to access shares on the server, etc., can the DNS be the local router? It's a SonicWall. Is there something I need to do on the SonicWall to have it know to check with the server / DNS at the home office?

Is there anything else I need to do to be able to have this remote computer act / think it's in the home office on the other subnet?

Thanks!
BeGentleWithMe-INeedHelp Asked:

David Atkin, Technical Director, Commented:
Hello,

If you're joining the PC to the domain from over a VPN then you won't be able to use the connect wizard.  You will need to run 'netdom' and do it via command.

See here:
http://technet.microsoft.com/en-us/library/cc772217.aspx

Another option is to take the PC back to the main site, join the domain and then take it back to the remote site.

DNS can be the local router for the remote site (and should, unless you have an on-site server).

Keep the server name in the hosts file of the PC though, as this may help.

How have you created the VPN? Can you ping the server IP ok?
0
Rob Williams Commented:
I have blogged about the complete steps required to join a domain using a VPN.  Rather than reposting it all I have placed a link below.  It should be helpful.

http://blog.lan-tech.ca/2012/07/25/how-to-join-a-windows-domain-using-a-vpn/

The first section deals with a site-to-site VPN. Scroll down a little to "Joining the domain using a Windows VPN client".
0

Steve Commented:
Running domain-joined machines across a VPN may have issues if the machines cannot resolve DNS for the domain, as DNS forms a critical part of Active Directory.

If you simply set the machine to use the DNS of the DC across the VPN it should work fine, but this causes an issue if the line is slow or down.

Sometimes best to set the DC as the primary DNS on the PCs, and put the router as secondary. If the Server or VPN is down the PC can then use the router's DNS as a failover.

If DNS traffic across the VPN causes you a problem, you may have to consider why you want the PCs to be on the domain in the first place. Standalone PCs may be better if you cannot have an on site DC.
0
Rob Williams Commented:
Sorry but I disagree with the statement: "Sometimes best to set the DC as the primary DNS on the PCs, and put the router as secondary. If the Server or VPN is down the PC can then use the router's DNS as a failover."

Unfortunately this is a common mistake with DNS.  DNS in Windows does not act as one would expect.  It does not contact the primary DNS and when that fails, the secondary.  It responds to the first DNS server that 'answers'.  On a LAN this constantly causes slow logons and name resolution issues as the ISP, which forwards to the ISP, will often respond first.  In a VPN situation the ISP will almost always respond first and the alternate will not be contacted until a time out period when the ISP cannot resolve the internal name.

The link I provided includes the DNS configuration.  

I agree not joining the domain can have some advantages, maybe more so with Windows 8, but not doing so requires 2 step authentication (PC and server), and does not allow group policies and drive mappings to be pushed out.
0
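A way to check, from the remote PC, the DNS question this thread turns on: whether the machine's configured DNS servers can locate the domain controller across the VPN. This is an added example, not code from any of the participants; the function name is hypothetical, the IP and domain name are the ones quoted in the question, and it assumes the cmdlets shipped with Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example. Defaults are the values from the thread; the function name is hypothetical.
# Needs Resolve-DnsName and Test-NetConnection (Windows 8.1 / Server 2012 R2 or later).
function Test-DomainDnsOverVpn {
    param(
        [string]$DomainName = 'domain.local',
        [string]$DcAddress  = '192.168.1.3'
    )
    # SRV record a client looks up to locate a domain controller
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    # DNS servers each adapter is configured to query
    $configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { "$($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

    # TCP reachability of the DC through the tunnel (53 = DNS, 389 = LDAP)
    $ports = foreach ($p in 53, 389) {
        $t = Test-NetConnection -ComputerName $DcAddress -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Open = $t.TcpTestSucceeded }
    }

    # Same SRV query twice: with the configured resolvers, then asking the DC directly
    $viaClient = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })
    $viaDc = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -Server $DcAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    $verdict = if ($viaClient.Count) {
        'Configured DNS can locate a domain controller'
    } elseif ($viaDc.Count) {
        'Only a direct query to the DC finds it: the configured DNS servers are not answering for the domain'
    } elseif (-not ($ports | Where-Object Open)) {
        'DC unreachable on 53/389: check VPN routing and firewall rules'
    } else {
        'DC reachable but SRV record not returned: check DNS on the server'
    }

    [pscustomobject]@{
        ConfiguredDns = $configured
        DcPorts       = $ports
        SrvViaClient  = $viaClient.NameTarget
        SrvViaDc      = $viaDc.NameTarget
        Verdict       = $verdict
    }
}

Test-DomainDnsOverVpn | Format-List
```

A hosts-file entry for the server name does not change the result of this check, because SRV lookups go to DNS and are not read from the hosts file.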