BeGentleWithMe-INeedHelp
asked on
What's the right way to set up a VPN and laptops at remote locations to allow access to the domain controller and shares
This is likely networking 101, but.... I'm stuck.
SBS 2011 server at location A (192.168.1.0 subnet)
Location B is connected to location A with VPN, subnet 192.168.2.0. The router at location B currently gives out public DNS IP addresses.
What's the right way to set things up for domain added laptops running Win 10 Pro at location B to be able to access shares on the server like \\server\files? The server is the domain controller. There's only that 1 server.
Use a Hosts file? It has that now with entries:
server 192.168.1.3
server.domainname.local 192.168.1.3 (is this needed?)
When they click on a mapped drive, a Windows Security box pops up asking for credentials, and even though we check 'remember my credentials', it asks again after a reboot. This window ALSO says 'the system cannot contact a domain controller to service the authentication request. Please try again later.'
You click OK after adding credentials, get to the files and all is fine, till a reboot.
What do I need to do so it can get to the domain controller across the VPN?
Why doesn't it save the credentials after a reboot?
Why does it even ask for the credentials - the user and password entered when logging in are the credentials.
THANKS!
I think what would be fair to ask is what is your current network setup? What types of routers are you using and how exactly are they configured? How are users at the second location getting DHCP information? It's hard to give you a good answer without knowing what you're working with here. And looking at Cliff's comment, it may very well be the cause of that issue.
ASKER
Thanks guys.
location 1 has SBS 2011 standard w/ ip of 192.168.1.3. It's the DNS and DHCP server for that location. DHCP gives out 192.168.1.3 as the DNS server and ...1.1 as the gateway
There's a WatchGuard firewall (192.168.1.1) configured for people to access the web and one end of a VPN.
Location 2 has a WatchGuard firewall. It's the DHCP server for the couple of devices at that end of the VPN. Its IP is 192.168.2.1 and it gives out IPs in that subnet. It also (currently) gives out the Verizon FiOS DNS server's IP addresses.
So would you both agree - as a first step, change location 2's DHCP settings to give out 192.168.1.3 as DNS server?
Any other changes?
Assuming you say yes, that's the right way to do it, as Cliff says, the drawback is that if location 1 goes down - internet, server, etc. - that takes down location 2 pretty much completely, even though they still have internet, etc.? But that's a rare case vs. leaving things as is and most of the time (all the time) things not working right?! : )
Or set up the WatchGuard as DNS server? Being that someone else set up the WatchGuards / I have very little knowledge of them, I'm much more comfortable going into the WatchGuard at location 2 and changing the DNS server setting in DHCP.
ASKER
> Get a Windows server and create a DC at location 2, even if you have to hire outside help.
Uh, not enough money available for that.
Re the link going down / location 2 being out of luck...
> Don't get caught unprepared.
What things are you thinking of (other than another controller)?
ASKER
I changed the DNS server at location 2 to point to the domain controller at location 1. Accessing shares seems to work well now.
> What things are you thinking of (other than another controller)?
The domain controller is what I am thinking. No other way to keep Active Directory services available in the event of an outage.
I assume email is hosted in house. Eventually you may want to reevaluate that. Maybe when it's time to upgrade the server, move the email to the cloud. But that is separate from the original question posed.
> I changed the DNS server at location 2 to point to the domain controller at location 1. Accessing shares seems to work well now.
Yes, but remember what we have warned about what would happen if the link to location 1 is down for some reason. If you had DHCP give the WatchGuard as a secondary DNS server (assuming it's capable), that would be a lesser evil than having no backup for DNS at all.
> Uh, not enough money available for that.
The right way of doing something isn't necessarily the least expensive.
Or you can deal with the hassles of not having AD functionality. Hosts files are *no* replacement. A look at any AD-aware DNS server will show you a ton of records that are not reasonable to manage via hosts.
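The two points the thread settles on, that the location 2 clients must use the domain controller as their DNS server and that a hosts file cannot stand in for AD-integrated DNS, can be checked from a location 2 laptop with the diagnostic script below. It is an added example, not code posted by anyone in this thread: the domain name domainname.local and the DC address 192.168.1.3 come from the question, while the choice of SRV records and ports to probe is an assumption of the example. Domain-joined Windows clients locate a DC by querying SRV records such as _ldap._tcp.dc._msdcs.<domain>; a hosts file can only map a name to an address and never answers those queries, which is why the "cannot contact a domain controller" dialog appears even when \\server\files itself resolves.

```powershell
# Added diagnostic example, not code from the thread. Run in an elevated PowerShell
# on a domain-joined Windows 10 client at location 2 after changing the DHCP DNS setting.
# Assumptions: domain name and DC address as stated in the thread; the SRV record and
# port lists below are the example's own choices.
$Domain = 'domainname.local'
$DcIp   = '192.168.1.3'

# 1. Which DNS servers did the client actually receive from DHCP? If the public
#    (FiOS) resolvers are still listed, SRV lookups for the domain will fail.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. DC locator records. A hosts file maps names to addresses but cannot hold SRV
#    records, so these lookups are exactly what breaks with public DNS plus hosts entries.
foreach ($srv in @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain")) {
    try {
        $answer = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop
        $answer | Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { "OK   $srv -> $($_.NameTarget):$($_.Port)" }
    } catch {
        "FAIL $srv : $($_.Exception.Message)"
    }
}

# 3. Can the VPN carry the ports a domain logon and SMB share access need?
#    53 DNS, 88 Kerberos, 135 RPC endpoint mapper, 389 LDAP, 445 SMB, 464 kpasswd
foreach ($port in 53, 88, 135, 389, 445, 464) {
    $probe  = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    $status = if ($probe.TcpTestSucceeded) { 'OK' } else { 'FAIL' }
    "{0,-5} port {1,-4} {2}" -f $status, $port, $DcIp
}

# 4. Ask the DC locator itself; this is the lookup the "cannot contact a domain
#    controller" dialog is reporting on. /force bypasses the cached result.
nltest /dsgetdc:$Domain /force
```

Step 2 is the check that separates the hosts-file approach from real DNS: with the DC as the resolver it returns the DC's name and port, with a public resolver it returns a name-not-found error. One caveat worth knowing when following the advice above about a secondary DNS server: the Windows DNS client only moves to the next server on a timeout, not on a negative answer, so any resolver in the list that does not know the domain should sit after the DC, never before it, or clients will accept its "no such name" and never ask the DC.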