• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 970
  • Last Modified:

login.bat not running over hamachi VPN

I have connected a remote PC to the head office using Hamachi VPN. I have purchased a licence as the free version does not run as a service.

The PC is connected to the VPN before logon, as is the server.

I have added the PC to the domain (AD running on the server 2003) but when I login the login script (login.bat - maos network drives) that is configured using group policys is not running.

I have run the script locally on the PC and it maps the network drives correctly.

What am I doing wrong here?
0
roy_batty
Asked:
roy_batty
2 Solutions
 
yo_beeDirector of ITCommented:
Are you 100% sure that you are connected prior to logging on?  Are there other steps when you connect to the VPN connection?
0
 
Rob WilliamsCommented:
It's not possible to have the Hamachi VPN connect before logon, therefore login scripts will not work.  You have to use a batch file after logon or use the windows VPN.
0
 
Tony MassaCommented:
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
Andrew DavisManagerCommented:
tests:-
1. before the remote client has logged on, can you ping the remote clients computer? This will tell you if the VPN is established.

2. What Errors are logged in event viewer for the remote client in relation to group policies being applied?
Are any other group policies working fine.

3. From the client can you browse \\{name of server} and do you see the netlogon and sysvol shares?

4. Try adjusting the Bat file to start with a "ping {ip of server}" this will force the client to try to establish the connection prior to attempting to map the drives. You could also add a "Pause" at the end of the bat file so that you can see the output result (note you dont want to leave it there permanently as it will keep the screen open on all users when they logon).

Cheers
Andrew
0
 
CoralonCommented:
Your login scripts will not run if you have to login before connecting.

What is happening is you are getting logged in with cached credentials on your local machine.  Then you are establishing your network connection, so as far as your system is concerned, it is the logon server.  As long as this is the case, your group policies, logon scripts etc. will never run.  

This is very easy to verify:
open a command prompt, and type in 'set logon' and that will show you what your system thinks is the logon server.  

(The screenshot has my home Windows 8 machine.. its logging in from my Microsoft Live account).  You will see your login server as \\<computername>.  

You could basically set up a script that would just test your connection to the domain controller, and once it becomes valid, then run your script..

This isn't debugged.. but something like this..

(cmd)
@echo off
start 'c:\program files\hamachi\hamachi.exe'  
waitfor /t 10 BOGUSSIGNAL > nul: 2>&1

:TestLoop
If exist \\<servername>.domain.tld\netlogon\loginscript.cmd (
     \\<servername>.domain.tld\netlogon\loginscript.cmd 
     goto :connected
) else (
     waitfor /t 5 BOGUSSIGNAL > nul: 2>&1)

:connected
echo Your login script has been launched.

Open in new window


Basically, the script launches Hamachi (I've only heard of it, not used it), and then waits for 10 seconds.  (Waitfor is built in to Windows 7, 8.. you could also download and use sleep.exe).  After that 10 seconds (basically, just giving Hamachi a chance to connect), then it checks if the login script on the domain controller you are looking for exists (which means your system can 'see' it).  If it does, it runs it, if not, it sleeps for another 5 seconds tries again.. it will continue until it connects.

Here is a powershell version of the same thing
start "" "C:\program files\hamachi\hamachi.exe"
Start-Sleep -Seconds 10

while ($true) {
    if (Test-Path -Path '\\servername\netlogon\loginscript.cmd') {
        & 'cmd.exe /k "\\servername\netlogon\loginscript.cmd"'
    } else {
    Start-Sleep 5
    }
}

Open in new window


Coralon
LogonServer.png
0
 
Rob WilliamsCommented:
Ideally you want to use a Windows VPN and client, though there are some others such as Cisco, which allow you to connect to the VPN before logging in.  Thus you are actually authenticating to the server, not using cached credentials.  I have blogged as to how to connect with Windows.
http://blog.lan-tech.ca/2012/04/29/connect-to-windows-vpn-at-logon/

If this is not an option you are best to have a batch file on which the user 'clicks' after logon, or add it to their startup menu.
0
 
roy_battyAuthor Commented:
The paid for version of Hamachi I am using runs as a service and does connect prior to login. It takes a miinute or two but it does connect.

However I could get GPOs working.

So I took your advice and set up a proper VPN using the the windows server and vpn client.

GPOs working fine now.
0
 
Rob WilliamsCommented:
Good to hear, and it's free :-)
Thanks roy_batty.
Cheers!
--Rob
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now