Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BEFVP41: Joining a Win2K Domain 1

Status
Not open for further replies.
jpwheeler

jpwheeler

MIS
Apr 16, 2002
1
0
0
US
I have two sites linked via a static VPN tunnel (using 2 Linksys BEFVP41 VPN Router/Firewalls). So far I can resolve name to IP over the tunnel. I can ping any computer accross the the tunnel. I can access shared resources through the tunnel. The one thing I have yet to be able to do is add a computer to the domain through the tunnel. After some time I finally get an error message: "The network name is no longer available".

I also tried installing a Win2K server at Site B and promoting it to a DC. Which failed with the same error message. I then tried to create a child domain using the Site A domain as the parent. That failed as well. Am I doing something wrong, or is not possible to add computers and DCs to a domain through a VPN pipe?

Site A Info:

IP Subnet: 10.10.1.0
DC: primary.domain.com
DC: backup.domain.com

Site B Info:

IP Subnet: 10.10.2.0
DC's: None as of yet. (I want to add a server.child.domain.com or just a
server.domain.com)
 
Sort by date Sort by votes
Hi,
I'm having the same problem.
Did you ever find an answer.
 
Upvote 0 Downvote
Hi, try creating following lmhostst-file to your remote computers:

# LMHOSTS-file for remote domain logon
ip.of.domain.contr PDCmachinename #PRE #DOM:DOMAINNAME
ip.of.domain.contr "PDCmachinename \0x1B"
# 16 characters incl. spaces between brackets above

Should work
 
Upvote 0 Downvote
I'll try it, but you would think plain DNS would work.
I've done a few IP captures and it seems to be dropping at ports 88 and 4xxx kerberos ports? not sure.
Thanks for the tip.
I've seen similiar issues among other posts. If this doesn't work I'll have to talk to the MS techs and see what I can come up with.

 
Upvote 0 Downvote
HA!!!
it was kerberos
the default communication protocol for kerberos is UDP.
bad across a VPN because of the numerous routing. packets get out of synch or lost and UDP doesn't give damn. therefore errors.
there is a registry entry you can use to switch keberos to TCP.
see Microsoft Q244474 or here it is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Create or Edit
Key Name : MaxPacketSize
Data Type: REG_DWORD
Value: 1
You don't need a WINS server or an LMHOSTS file (unless using old NT servers, and they suck anyway)

So here is the magic bye.
 
Upvote 0 Downvote
When setting the machine up on the the other side don't allow it to DHCP give it a static IP and in the DNS give it the internal DNS of your DC and also if you have wins installed give it the wins on the DC side. Also under the VPN tab of your linksys router at the bottom of every tunnel there is a more hyperlink. Click on that and enable netbios.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
305
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Question
Best vpn safe and fast
Replies
4
Views
196
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
Sparrow4
  • Locked
  • Question
CISCO AnyConnect - URL instead of IP Address
Replies
4
Views
614
iggsterman
iggsterman
Randy_F
  • Locked
  • Question
Need to connect to a VPN on startup... how to run a script that will automatically reconnect
Replies
0
Views
161
Randy_F
Randy_F

Part and Inventory Search

Sponsor

Back
Top