
Details about a VPN and computer trying to get back to the SBS 2011 standard server

I'm new to this.  SBS 2011 domain at  There's a VPN to a remote office with ip

At the remote location I am setting up a desktop.  In hosts file on this new computer, I added the server IP pointing to  server.domain.local  ; server  ;  domain.local.

Tried running http://connect and that didn't work.  I added connect as an entry in hosts and that still didn't work.  I googled and found that the DNS on this new machine should point to the server, so I added that (the router at the remote location is doing DHCP and DNS normally).

Going forward, to be able to access shares on the server, etc., can the DNS be the local router?  It's a SonicWall.  Is there something I need to do on the SonicWall to have it know to check with the server / DNS at the home office?

Is there anything else I need to do to be able to have this remote computer act / think it's in the home office on the other subnet?

David Atkin, Technical Director, Commented:

If you're joining the PC to the domain from over a VPN then you won't be able to use the connect wizard.  You will need to run 'netdom' and do it via command.

See here:

Another option is to take the PC back to the main site, join the domain and then take it back to the remote site.

DNS can be the local router for the remote site (and should, unless you have an on-site server).

Keep the server name in the host file of the PC though as this may help.

How have you created the VPN? Can you ping the server IP ok?

Rob Williams Commented:
I have blogged about the complete steps required to join a domain using a VPN.  Rather than reposting it all I have placed a link below.  It should be helpful.


The first section deals with a site to site VPN. Scroll down a little to "Joining the domain using a Windows VPN client"

Running domain-joined machines across a VPN may have issues if the machines cannot resolve DNS for the domain, as DNS forms a critical part of Active Directory.

If you simply set the machine to use the DNS of the DC across the VPN it should work fine, but this causes an issue if the line is slow or down.

Sometimes best to set the DC as the primary DNS on the PCs, and put the router as secondary. If the server or VPN is down the PC can then use the router's DNS as a failover.

If DNS traffic across the VPN causes you a problem, you may have to consider why you want the PCs to be on the domain in the first place. Standalone PCs may be better if you cannot have an on site DC.

Rob Williams Commented:
Sorry but I disagree with the statement: "sometimes best to set the DC as the primary DNS on the PCs, and put the router as secondary. If the server or VPN is down the PC can then use the router's DNS as a failover."

Unfortunately this is a common mistake with DNS.  DNS in Windows does not act as one would expect.  It does not contact the primary DNS and when that fails, the secondary.  It responds to the first DNS server that 'answers'.  On a LAN this constantly causes slow logons and name resolution issues as the ISP, which forwards to the ISP, will often respond first.  In a VPN situation the ISP will almost always respond first and the alternate will not be contacted until a time out period when the ISP cannot resolve the internal name.

The link I provided includes the DNS configuration.  

I agree not joining the domain can have some advantages, maybe more so with Windows 8, but not doing so requires 2 step authentication (PC and server), and does not allow group policies and drive mappings to be pushed out.
Question has a verified solution.
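
A way to check the DNS point debated in the comments above, as an added example that is not part of the original thread: the script asks every DNS server configured on the client for the SRV record that Active Directory clients use to locate a domain controller, and reports which servers can answer it and how long each took. `domain.local` is the placeholder name from the question; the script assumes Windows 8 / Server 2012 or later, where the `Resolve-DnsName` and `Get-DnsClientServerAddress` cmdlets are available.

```powershell
# Added example (not from the thread): test each configured DNS server
# for the AD domain controller locator record.
# Assumes the DnsClient module (Windows 8 / Server 2012 or later).
param(
    [string]$Domain = 'domain.local'   # placeholder domain name from the question
)

# SRV record a domain member queries to find a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any interface (physical or VPN).
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $iface = $_.InterfaceAlias
        foreach ($addr in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $iface; Server = $addr }
        }
    }

$results = foreach ($s in $servers) {
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # Query this one server directly, bypassing hosts file and cache.
        $answer  = Resolve-DnsName -Name $srvName -Type SRV -Server $s.Server `
                                   -DnsOnly -ErrorAction Stop
        $targets = ($answer | Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
        $status  = if ($targets) { 'OK' } else { 'NO SRV RECORD' }
    } catch {
        # NXDOMAIN, timeout or unreachable server all land here.
        $targets = ''
        $status  = 'FAILED: ' + $_.Exception.Message
    }
    $timer.Stop()
    [pscustomobject]@{
        Interface         = $s.Interface
        DnsServer         = $s.Server
        Status            = $status
        DomainControllers = $targets
        Milliseconds      = $timer.ElapsedMilliseconds
    }
}

$results | Format-Table -AutoSize
```

Any server that shows `FAILED` or `NO SRV RECORD` cannot locate the domain controller for the client, which is the situation the comments above disagree about how to handle.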
