Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BEFVP41: Joining a Win2K Domain 1

Status
Not open for further replies.

jpwheeler

MIS
Apr 16, 2002
1
US
I have two sites linked via a static VPN tunnel (using 2 Linksys BEFVP41 VPN Router/Firewalls). So far I can resolve name to IP over the tunnel. I can ping any computer accross the the tunnel. I can access shared resources through the tunnel. The one thing I have yet to be able to do is add a computer to the domain through the tunnel. After some time I finally get an error message: "The network name is no longer available".

I also tried installing a Win2K server at Site B and promoting it to a DC. Which failed with the same error message. I then tried to create a child domain using the Site A domain as the parent. That failed as well. Am I doing something wrong, or is not possible to add computers and DCs to a domain through a VPN pipe?

Site A Info:

IP Subnet: 10.10.1.0
DC: primary.domain.com
DC: backup.domain.com

Site B Info:

IP Subnet: 10.10.2.0
DC's: None as of yet. (I want to add a server.child.domain.com or just a
server.domain.com)
 
Hi,
I'm having the same problem.
Did you ever find an answer.
 
Hi, try creating following lmhostst-file to your remote computers:

# LMHOSTS-file for remote domain logon
ip.of.domain.contr PDCmachinename #PRE #DOM:DOMAINNAME
ip.of.domain.contr "PDCmachinename \0x1B"
# 16 characters incl. spaces between brackets above

Should work
 
I'll try it, but you would think plain DNS would work.
I've done a few IP captures and it seems to be dropping at ports 88 and 4xxx kerberos ports? not sure.
Thanks for the tip.
I've seen similiar issues among other posts. If this doesn't work I'll have to talk to the MS techs and see what I can come up with.

 
HA!!!
it was kerberos
the default communication protocol for kerberos is UDP.
bad across a VPN because of the numerous routing. packets get out of synch or lost and UDP doesn't give damn. therefore errors.
there is a registry entry you can use to switch keberos to TCP.
see Microsoft Q244474 or here it is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Create or Edit
Key Name : MaxPacketSize
Data Type: REG_DWORD
Value: 1
You don't need a WINS server or an LMHOSTS file (unless using old NT servers, and they suck anyway)

So here is the magic bye.
 
When setting the machine up on the the other side don't allow it to DHCP give it a static IP and in the DNS give it the internal DNS of your DC and also if you have wins installed give it the wins on the DC side. Also under the VPN tab of your linksys router at the bottom of every tunnel there is a more hyperlink. Click on that and enable netbios.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top