VPN and folder redirection

I have a point-to-point VPN with 2 SonicWALLs. Site A has the server; Site B is where some other workstations are. I have folder redirection set up in Group Policy. Site A works fine; on Site B the event log says it cannot access the server. If I do \\server name I get to the server but get a permission error; if I do \\IP Address I get right to the shared folders without issue.
Asked by: JasonDuncanworks

Mark Bill commented:
That will work as a workaround (the FQDN in GP). The reason I asked you to do it was because I suspect it's a DNS issue, which it 100% is now.

Adding an entry to the host file will also fix it; the entry would be for the FQDN, that is.

I want you to be able to access the server at its shortname, not FQDN.
I'm just thinking about it here for a second, what to do next to permanently resolve it.

Mark Bill commented:
Do you have a domain controller on site B?

How many domain controllers are there in this setup?

If you type the command nslookup on one of the machines on site B, are they looking at the site B DNS server or the site A DNS server?

JasonDuncanworks (Author) commented:
There is only a DC on Site A,

I ran NSLookup on a workstation and got this response.

C:\Windows\system32>nslookup
Default Server:  UnKnown
Address:  192.168.2.254

> input in flex scanner failed

Mark Bill commented:
Is that looking at the firewall for DNS? That would be the problem if it is. Marries up with what you're describing here too.
Accessible by IP, not by hostname.
I'm pretty sure if we ping the site A DC from the site B machine you're referencing here, the request will fail.

Try to manually specify the Site A DC as the primary DNS server on one of the site B machines and see if that resolves the issue, as a test.

How many domain controllers in total? Can you confirm you're not using Windows SBS?
What operating systems are the domain controller(s)?

With regards to your DNS config, it should be set up like this as far as I'm aware.
1. It is Microsoft recommended to use root hints for external DNS resolution. Some people and sites use forwarders; in general this works fine either way, so don't worry about this setting, it will work either way.
2. Client machines should only really be using the domain controllers for DNS not the firewall and not any other DNS servers.
3. Your firewall(s) should be using the DNS servers in its configs that are specified by the Service Provider.
4. Just seen your response below, I would consider long term to put a DC in site B. I would keep the DC in site A holding all of the roles which it should be holding already.

You can get it working fine without points 1 and 4 here, be careful making such changes and just make sure you go through the relevant Microsoft Docs for adding a DC if you decide to go that route.

JasonDuncanworks (Author) commented:
1 DC
Server 2008 NOT SBS for sure.

Thanks! I will try the DNS change.

JasonDuncanworks (Author) commented:
I set the DNS to the server, IPCONFIG/FLUSHDNS and reboot. I get the same permission error.

Mark Bill commented:
What happens if you ping the hostname of the DC?

What happens if you ping the FQDN of the hostname, if this fails, i.e. Hostname.domainname.local?

What happens if we run nslookup on this Site B machine now?

Try running ipconfig /flushdns then ipconfig /registerdns too.

Mark Bill commented:
Also what is the DHCP server on the Site B Machine here, is it the firewall on Site B by any chance?

JasonDuncanworks (Author) commented:
Ping hostname - full reply
Ping FQDN  -  Full reply

C:\Windows\system32>nslookup
Default Server:  UnKnown
Address:  192.168.2.254

Ran both commands, still same issue.

JasonDuncanworks (Author) commented:
Site B DHCP is the SonicWALL - 192.168.1.1

Mark Bill commented:
Can we access any network shares from the site B machine?

Has this ever worked before? I'm taking it this is a new site, btw.

On the site B machine, can we:
1. Manually set the IP on the site B network range, subnet mask as you see fit, and default gateway to the site B firewall.
2. Manually set the DNS as follows: primary DNS, IP of domain controller; secondary DNS, none.

JasonDuncanworks (Author) commented:
At lunch, will do as soon as I get back

Mark Bill commented:
192.168.1 is site A. 192.168.2 is site B.
Please correct me if I'm wrong.

Site B machine is receiving DHCP from site A firewall?

Is the Active Directory DC on site A not using DHCP?

If it is, we should not have 2 different DHCP servers.
Active Directory should be configured to do DHCP for both sites here and to use root hints.

Can you also confirm in the registry where the redirected folders are pointed to on site B machines?

Cool, enjoy your lunch.

Mark Bill commented:
Also, what is 192.168.2.254?

Mark Bill commented:
Also would like to confirm the LAN IP for Sonic A and Sonic B.

LAN IP for DC too.

What are the exact DHCP settings issued from Sonic A, Sonic B and DC?

JasonDuncanworks (Author) commented:
Site A Server 2008 DHCP and DNS on the Server - 192.168.2.254 - SonicWALL TZ210 VPN (192.168.2.1)

Site B - SonicWALL (192.168.1.1) VPN to Site A

Site B folders are still on local machine.

This has never worked. Not a new site.

With the VPN connection does it not have to be on a different subnet?

Mark Bill commented:
The networking looks fine actually. Site B machine actually has the correct DNS settings and DHCP settings.

Yes both sites have to be on different subnets with the VPN.

JasonDuncanworks (Author) commented:
What would you like me to try next?

Mark Bill commented:
Hehe, I'm thinking about it, it's a funny one. You can access by IP by going \\IP but not by \\Hostname; also try to access \\FQDN.

Can you access other shared folders or printers on the DC from the Site B machine?

Can you post the exact event log message from the client machine please? Censor out any private info.

JasonDuncanworks (Author) commented:
\\ip = access to folder shares

\\hostname = you do not have permission to access

\\FQDN = access to folder shares

Failed to apply policy and redirect folder "Pictures" to "\\server\shared\users\username\My Documents\My Pictures".
 Redirection options=0x9021.
 The following error occurred: "Can not create folder "\\server\shared\users\username\My Documents\My Pictures"".
 Error details: "Access is denied.

I guess I could just add the FQDN to the folder redirection in the GP correct?

Mark Bill commented:
Try this: create a new test folder on the DC with sharing Everyone full control and the NTFS permissions Everyone full control.

Create the test folder through Computer Management -> Shared Folders on the DC. See if you can access that area.

Curious as well, if we type just \\hostname we get nothing, right? Access denied?
What I mean is, when you say we can't access by hostname, are you trying to access \\hostname\shared or \\hostname?

Mark Bill commented:
I reckon this one is us

Try adding the DNS domain suffix in the TCP/IP advanced properties of the troubled computer. That option should be set via DHCP option 015 as a best practice

Can you test this and revert back, add it to the site b machine and then if it works add it to the dhcp options under 015.

JasonDuncanworks (Author) commented:
I just added the fqdn to the gp policy and all is good now. Thank you very much for your help. This is a small network and really not worth spending that much time on it.

Thank you again for your help!!!

JasonDuncanworks (Author) commented:
Adding the FQDN to the GP fixed the issue. Thanks Mark!!

Mark Bill commented:
Yep, it will work; I'm fairly nitty with my solutions though, haha.

NP.

It might be worth adding the FQDN to your DHCP 015; pretty easy to do, play around with it and test it. :D GL
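
The checks done by hand in this thread (which DNS and DHCP servers the Site B client uses, its DNS suffix, and access to the share by short name, FQDN and IP) can be collected in one script. This is an added example, not part of the original thread; it assumes Windows PowerShell on the workstation, and `server`, `example.local` and `shared` are placeholder names.

```powershell
# Added example: run on a Site B workstation as the affected user.
# 'server', 'example.local' and 'shared' are placeholders, not values from the thread.
param(
    [string]$Server = 'server',
    [string]$Domain = 'example.local',
    [string]$Share  = 'shared'
)

function Resolve-Name([string]$Name) {
    # System resolver: covers the hosts file, DNS and the DNS suffix search list.
    try {
        $v4 = [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' }
        if ($v4) { @($v4)[0].IPAddressToString } else { 'no IPv4 address' }
    } catch { 'unresolved' }
}

function Test-Unc([string]$Target) {
    # Listing the share surfaces "Access is denied" as a terminating error.
    try {
        Get-ChildItem -LiteralPath "\\$Target\$Share" -ErrorAction Stop | Out-Null
        'ok'
    } catch { $_.Exception.Message }
}

# Which DNS servers, suffixes and DHCP server is this client actually using?
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPServer, DNSDomain,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } },
        @{ n = 'SuffixList'; e = { $_.DNSDomainSuffixSearchOrder -join ', ' } } |
    Format-List

# Compare the three ways of naming the server that the thread tested by hand.
$fqdn    = "$Server.$Domain"
$fqdnIp  = Resolve-Name $fqdn
$targets = @($Server, $fqdn)
if ($fqdnIp -match '^\d+(\.\d+){3}$') { $targets += $fqdnIp }

$results = foreach ($t in $targets) {
    New-Object psobject -Property @{
        Target     = $t
        ResolvesTo = Resolve-Name $t
        ShareTest  = Test-Unc $t
    }
}
$results | Select-Object Target, ResolvesTo, ShareTest | Format-Table -AutoSize
```

If the FQDN and IP rows report `ok` and only the short name fails, the share and NTFS permissions already allow this user, and the difference lies in how the short name is handled on the client.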