Solved

login.bat not running over hamachi VPN

Posted on 2014-01-08
8
899 Views
Last Modified: 2014-01-15
I have connected a remote PC to the head office using Hamachi VPN. I have purchased a licence as the free version does not run as a service.

The PC is connected to the VPN before logon, as is the server.

I have added the PC to the domain (AD running on the server 2003) but when I login the login script (login.bat - maps network drives) that is configured using group policies is not running.

I have run the script locally on the PC and it maps the network drives correctly.

What am I doing wrong here?
Question by:roy_batty
8 Comments
 
LVL 21

Expert Comment

by:yo_bee
Are you 100% sure that you are connected prior to logging on?  Are there other steps when you connect to the VPN connection?
0
 
LVL 77

Expert Comment

by:Rob Williams
It's not possible to have the Hamachi VPN connect before logon, therefore login scripts will not work.  You have to use a batch file after logon or use the windows VPN.
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 250 total points
0
 
LVL 18

Expert Comment

by:Andrew Davis
tests:-
1. before the remote client has logged on, can you ping the remote clients computer? This will tell you if the VPN is established.

2. What Errors are logged in event viewer for the remote client in relation to group policies being applied?
Are any other group policies working fine?

3. From the client can you browse \\{name of server} and do you see the netlogon and sysvol shares?

4. Try adjusting the Bat file to start with a "ping {ip of server}" this will force the client to try to establish the connection prior to attempting to map the drives. You could also add a "Pause" at the end of the bat file so that you can see the output result (note you don't want to leave it there permanently as it will keep the screen open on all users when they logon).

Cheers
Andrew
0

 
LVL 23

Expert Comment

by:Coralon
Your login scripts will not run if you have to login before connecting.

What is happening is you are getting logged in with cached credentials on your local machine.  Then you are establishing your network connection, so as far as your system is concerned, it is the logon server.  As long as this is the case, your group policies, logon scripts etc. will never run.  

This is very easy to verify:
open a command prompt, and type in 'set logon' and that will show you what your system thinks is the logon server.  

(The screenshot has my home Windows 8 machine.. it's logging in from my Microsoft Live account).  You will see your login server as \\<computername>.  

You could basically set up a script that would just test your connection to the domain controller, and once it becomes valid, then run your script..

This isn't debugged.. but something like this..

(cmd)
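@echo off
rem Replace <servername>.domain.tld with your domain controller's name.
set "LOGINSCRIPT=\\<servername>.domain.tld\netlogon\loginscript.cmd"

rem Launch Hamachi and give it 10 seconds to connect.
start "" "c:\program files\hamachi\hamachi.exe"
waitfor /t 10 BOGUSSIGNAL >nul 2>&1

:TestLoop
rem The script is only visible once the domain controller is reachable.
if exist "%LOGINSCRIPT%" (
    call "%LOGINSCRIPT%"
    goto :connected
)
waitfor /t 5 BOGUSSIGNAL >nul 2>&1
goto :TestLoop

:connected
echo Your login script has been launched.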



Basically, the script launches Hamachi (I've only heard of it, not used it), and then waits for 10 seconds.  (Waitfor is built in to Windows 7, 8.. you could also download and use sleep.exe).  After that 10 seconds (basically, just giving Hamachi a chance to connect), it checks if the login script on the domain controller you are looking for exists (which means your system can 'see' it).  If it does, it runs it; if not, it sleeps for another 5 seconds and tries again.. it will continue until it connects.

Here is a powershell version of the same thing
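# Launch Hamachi and give it 10 seconds to connect.
Start-Process -FilePath 'C:\program files\hamachi\hamachi.exe'
Start-Sleep -Seconds 10

# Retry every 5 seconds until the login script on the server is visible.
while ($true) {
    if (Test-Path -Path '\\servername\netlogon\loginscript.cmd') {
        & cmd.exe /k '\\servername\netlogon\loginscript.cmd'
        break
    } else {
        Start-Sleep -Seconds 5
    }
}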



Coralon
LogonServer.png
0
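The checks suggested in the answers above (the 'set logon' test, the ping, and browsing for the netlogon and sysvol shares) collected into one PowerShell script, as an added example that is not part of any poster's reply. `servername` is a placeholder, the function name is made up for illustration, and the Group Policy operational log is assumed to exist (Windows Vista and later).

```powershell
# Added diagnostic sketch (not from the thread). $Server is a placeholder
# for your domain controller's name.
param([string]$Server = 'servername')

function Test-DomainLogon {
    param([string]$Server)

    # LOGONSERVER is \\<computername> when Windows logged the user on with
    # cached credentials, and \\<domain controller> for a real domain logon.
    $logonServer = $env:LOGONSERVER
    $cached = $logonServer -ieq "\\$env:COMPUTERNAME"

    [pscustomobject]@{
        LogonServer     = $logonServer
        CachedLogon     = $cached
        ServerPingable  = Test-Connection -ComputerName $Server -Count 2 -Quiet
        NetlogonVisible = Test-Path -Path "\\$Server\netlogon"
        SysvolVisible   = Test-Path -Path "\\$Server\sysvol"
    }
}

$result = Test-DomainLogon -Server $Server
$result | Format-List

if ($result.CachedLogon) {
    Write-Warning 'Cached-credential logon: the domain logon script will not have run at logon.'
} elseif (-not ($result.NetlogonVisible -and $result.SysvolVisible)) {
    Write-Warning 'Domain logon, but NETLOGON/SYSVOL are not reachable over the VPN.'
}

# Recent Group Policy warnings and errors from the operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-GroupPolicy/Operational'; Level = 2, 3
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

Run it as the affected user right after logon, before anything else has had a chance to touch the VPN, so the result reflects what was reachable when the logon script should have run.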
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
Ideally you want to use a Windows VPN and client, though there are some others such as Cisco, which allow you to connect to the VPN before logging in.  Thus you are actually authenticating to the server, not using cached credentials.  I have blogged as to how to connect with Windows.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

If this is not an option you are best to have a batch file on which the user 'clicks' after logon, or add it to their startup menu.
0
 
LVL 1

Author Closing Comment

by:roy_batty
The paid for version of Hamachi I am using runs as a service and does connect prior to login. It takes a minute or two but it does connect.

However I could get GPOs working.

So I took your advice and set up a proper VPN using the windows server and vpn client.

GPOs working fine now.
0
 
LVL 77

Expert Comment

by:Rob Williams
Good to hear, and it's free :-)
Thanks roy_batty.
Cheers!
--Rob
0
