Can I join a domain over VPN?

TheMSsForum.com: The Microsoft Software Forum

Hi there,

As per subect, can I add workstations into a domain over a VPN
session? Clients are XP Pro and server is SBS2000.

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Marina

Marina
Thu Nov 11 08:01:12 CST 2004

Hi Jon,

Take a look at this:

Smallbizserver.Net > SBS 2003 > Workstations > Connecting a remote
workstation to a domain:
http://www.smallbizserver.net/Default.aspx?tabid=167

--
Regards,

Marina
Microsoft SBS-MVP

"Project Sega" <usenet@TAKE-THIS-OUTjon.lamb.co.uk> schreef in bericht
news:ilr6p0pd8ds8d50ft2pv6n45qkld1vi3nc@4ax.com...
> Hi there,
>
> As per subect, can I add workstations into a domain over a VPN
> session? Clients are XP Pro and server is SBS2000.
>
> Rgrds,
> Jon


Top

Re: Can I join a domain over VPN? by Project

Project
Thu Nov 11 10:03:18 CST 2004

On Thu, 11 Nov 2004 15:01:12 +0100, "Marina Roos [SBS-MVP]"
<marina@roos.nodontwantspam.nl.com> wrote:

>Hi Jon,
>
>Take a look at this:
>
>Smallbizserver.Net > SBS 2003 > Workstations > Connecting a remote
>workstation to a domain:
>http://www.smallbizserver.net/Default.aspx?tabid=167

Thanks Marina,

Thats just what I need!

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Project

Project
Mon Nov 22 13:16:17 CST 2004

On Thu, 11 Nov 2004 16:03:18 +0000, Project Sega
<usenet@TAKE-THIS-OUTjon.lamb.co.uk> wrote:

>On Thu, 11 Nov 2004 15:01:12 +0100, "Marina Roos [SBS-MVP]"
><marina@roos.nodontwantspam.nl.com> wrote:
>
>>Hi Jon,
>>
>>Take a look at this:
>>
>>Smallbizserver.Net > SBS 2003 > Workstations > Connecting a remote
>>workstation to a domain:
>>http://www.smallbizserver.net/Default.aspx?tabid=167
>
>Thanks Marina,
>
>Thats just what I need!

Just got round to trying this today and still struggling.

I can connect up fine over VPN. I can ping the server by name and IP
address.

When changing from workgroup to domain though, it thinks for a while
and then says the domain controller cannot be contacted. There doesnt
seem to be much happening over the VPN link in terms of traffic.

Anybody had similar problems?

Just to remind, its XP SP2 and SBS2003

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Project

Project
Mon Nov 22 13:18:57 CST 2004

On Mon, 22 Nov 2004 19:16:17 +0000, Project Sega
<usenet@TAKEOUTjon-lamb.co.uk> wrote:

<snip>
>
>When changing from workgroup to domain though, it thinks for a while
>and then says the domain controller cannot be contacted. There doesnt
>seem to be much happening over the VPN link in terms of traffic.
>
>Anybody had similar problems?

On other thing if its useful, I can type \\server at the run box and
see all the network shares so connectivity to the server seems good.

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Marina

Marina
Mon Nov 22 14:11:10 CST 2004

Hi Jon,

Please post the ipconfig/all when vpn-ed in.

--
Regards,

Marina
Microsoft SBS-MVP

"Project Sega" <usenet@TAKEOUTjon-lamb.co.uk> schreef in bericht
news:3re4q05jtinc0h6j3pmo1ippob50ap3td7@4ax.com...
> On Mon, 22 Nov 2004 19:16:17 +0000, Project Sega
> <usenet@TAKEOUTjon-lamb.co.uk> wrote:
>
> <snip>
> >
> >When changing from workgroup to domain though, it thinks for a while
> >and then says the domain controller cannot be contacted. There doesnt
> >seem to be much happening over the VPN link in terms of traffic.
> >
> >Anybody had similar problems?
>
> On other thing if its useful, I can type \\server at the run box and
> see all the network shares so connectivity to the server seems good.
>
> Rgrds,
> Jon


Top

Re: Can I join a domain over VPN? by Project

Project
Mon Nov 22 14:34:35 CST 2004

On Mon, 22 Nov 2004 21:11:10 +0100, "Marina Roos [SBS-MVP]"
<marina@roos.nodontwantspam.nl.com> wrote:

>Hi Jon,
>
>Please post the ipconfig/all when vpn-ed in.

Hello Marina,

Many thanks for your reply. My ipconfig is at the end of this email.
As mentioned, if I go \\server, I can see my network shares. The
gateway is missing of the VPN as I've unticked use default gateway on
remote network but I've tried it with it ticked also.

Rgrds,
Jon


Windows IP Configuration

Host Name . . . . . . . . . . . . : admin
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT
Physical Address. . . . . . . . . : 00-0D-61-53-8E-31
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.252
DNS Servers . . . . . . . . . . . : 213.208.106.213
213.208.106.212

PPP adapter VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.34.98.23
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.34.98.3
Primary WINS Server . . . . . . . : 192.34.98.3

Top

Re: Can I join a domain over VPN? by Marina

Marina
Mon Nov 22 18:57:55 CST 2004

Hi Jon,

You are missing the local AD dns suffix on your vpn connection. Did you
check the 'use windows domain' on the options tab?

Are you using public IP's on your servernic(s)???

--
Regards,

Marina
Microsoft SBS-MVP

"Project Sega" <usenet@TAKEOUTjon-lamb.co.uk> schreef in bericht
news:0ti4q05miit0dnfkfrkc8ti1cs5ee4tig8@4ax.com...
> On Mon, 22 Nov 2004 21:11:10 +0100, "Marina Roos [SBS-MVP]"
> <marina@roos.nodontwantspam.nl.com> wrote:
>
> >Hi Jon,
> >
> >Please post the ipconfig/all when vpn-ed in.
>
> Hello Marina,
>
> Many thanks for your reply. My ipconfig is at the end of this email.
> As mentioned, if I go \\server, I can see my network shares. The
> gateway is missing of the VPN as I've unticked use default gateway on
> remote network but I've tried it with it ticked also.
>
> Rgrds,
> Jon
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : admin
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 CT
> Physical Address. . . . . . . . . : 00-0D-61-53-8E-31
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.5.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.5.252
> DNS Servers . . . . . . . . . . . : 213.208.106.213
> 213.208.106.212
>
> PPP adapter VPN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.34.98.23
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.34.98.3
> Primary WINS Server . . . . . . . : 192.34.98.3
>


Top

Re: Can I join a domain over VPN? by Project

Project
Tue Nov 23 03:45:12 CST 2004

On Tue, 23 Nov 2004 01:57:55 +0100, "Marina Roos [SBS-MVP]"
<marina@roos.nodontwantspam.nl.com> wrote:

>Hi Jon,
>
>You are missing the local AD dns suffix on your vpn connection. Did you
>check the 'use windows domain' on the options tab?
>
>Are you using public IP's on your servernic(s)???

Hello Marina,

Yes, I ticked and entered the domain name when connecting.

On this particular site, it has a static public ip address in the
router. There is a DMZ setting on the router which passes all traffic
to the local IP address. This passess a VPN connection successfully
and I can ping the server by hostname and ip address.

On other sites that I've set up that do have public IP addresses on
the NIC, I get the same problem.

Would I be correct in thinking its logging me on but not on to the
domain?

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Marina

Marina
Tue Nov 23 04:52:40 CST 2004

Hi Jon,

So you get authorized by that router/firewall but obviously not by the
remote domain. Sorry, I have never worked with these kind of connections. I
always let the sbs server be the vpn server.

--
Regards,

Marina
Microsoft SBS-MVP

"Project Sega" <usenet@TAKEOUTjon-lamb.co.uk> schreef in bericht
news:t816q0dcveapq96vnstua8sqghs3if4s8j@4ax.com...
> On Tue, 23 Nov 2004 01:57:55 +0100, "Marina Roos [SBS-MVP]"
> <marina@roos.nodontwantspam.nl.com> wrote:
>
> >Hi Jon,
> >
> >You are missing the local AD dns suffix on your vpn connection. Did you
> >check the 'use windows domain' on the options tab?
> >
> >Are you using public IP's on your servernic(s)???
>
> Hello Marina,
>
> Yes, I ticked and entered the domain name when connecting.
>
> On this particular site, it has a static public ip address in the
> router. There is a DMZ setting on the router which passes all traffic
> to the local IP address. This passess a VPN connection successfully
> and I can ping the server by hostname and ip address.
>
> On other sites that I've set up that do have public IP addresses on
> the NIC, I get the same problem.
>
> Would I be correct in thinking its logging me on but not on to the
> domain?
>
> Rgrds,
> Jon


Top

Re: Can I join a domain over VPN? by Project

Project
Tue Nov 23 11:30:20 CST 2004

On Tue, 23 Nov 2004 11:52:40 +0100, "Marina Roos [SBS-MVP]"
<marina@roos.nodontwantspam.nl.com> wrote:

>Hi Jon,
>
>So you get authorized by that router/firewall but obviously not by the
>remote domain. Sorry, I have never worked with these kind of connections. I
>always let the sbs server be the vpn server.

Hello Marina,

SBS is the VPN server. The router passes any internet traffic to its
DMZ port which is the external nic of the SBS server. The SBS server
is doing the authentication / vpn / firewall.

Rgrds,
Jon



Top

Re: Can I join a domain over VPN? by Project

Project
Tue Nov 23 13:49:56 CST 2004

On Tue, 23 Nov 2004 11:52:40 +0100, "Marina Roos [SBS-MVP]"
<marina@roos.nodontwantspam.nl.com> wrote:

>Hi Jon,
>
>So you get authorized by that router/firewall but obviously not by the
>remote domain. Sorry, I have never worked with these kind of connections. I
>always let the sbs server be the vpn server.

Problem solved and it was me doing something very stupid.

I was entering the netbios domain name like I do when I'm on site.

When I entered theirdomainname.local over a VPN connection, it has
just worked for me and added me to the domain! :)

Thanks for your help and input.

Rgrds,
Jon
Top

Re: Can I join a domain over VPN? by Marina

Marina
Thu Nov 25 06:32:37 CST 2004

Hi Jon,

Great! Thanks for reporting back.

--
Regards,

Marina
Microsoft SBS-MVP

"Project Sega" <usenet@TAKEOUTjon-lamb.co.uk> schreef in bericht
news:bu47q0pfd76odqdb3bkeovl37n7t9g9j31@4ax.com...
> On Tue, 23 Nov 2004 11:52:40 +0100, "Marina Roos [SBS-MVP]"
> <marina@roos.nodontwantspam.nl.com> wrote:
>
> >Hi Jon,
> >
> >So you get authorized by that router/firewall but obviously not by the
> >remote domain. Sorry, I have never worked with these kind of connections.
I
> >always let the sbs server be the vpn server.
>
> Problem solved and it was me doing something very stupid.
>
> I was entering the netbios domain name like I do when I'm on site.
>
> When I entered theirdomainname.local over a VPN connection, it has
> just worked for me and added me to the domain! :)
>
> Thanks for your help and input.
>
> Rgrds,
> Jon


Top