Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot join SBS 2k3 Domain over hard VPN

Status
Not open for further replies.
cglass1015

cglass1015

IS-IT--Management
Jul 1, 2005
39
US
Currently I have a site to site IPsec VPN set up between the corp office and a branch office using Cisco 1711 routers at both ends. The VPN has worked flawlessly but the time has come to add the branch office PC's to the domain. However I cannot get those PCs to join up using the /servername/connectcomputer method or the standard way under system properties.

I was able to log on to the domain w/o any problem with my laptop; a computer that was already joined to the domain from the branch office side. The entire process was smooth and my documents sync'd up as they should have.

branch office pc's are using XP SP2. Here is an example setup

branch office client
IP address: 192.168.2.20
Subnet: 255.255.255.0
Gateway: 192.168.2.1
DNS: 192.168.1.3
No DHCP

SBS 2003 server
IP address: 192.168.1.3
Subnet: 255.255.255.0
Gateway: 192.168.1.254
DNS: (IP of ISP's DNS server)
No DHCP

I am able to ping the SBS server from the client pc using both the IP address and the name of the server. I can see all the server's shares from client PC.

I have already changed the IP settings for IIS for the default website and the companyweb to allow the branch offices IP address range.

The routers are not blocking any traffic between the two points.

I probably forgot some important information so tell me if I did.



 
Sort by date Sort by votes
For starters, your server DNS is not set up properly, and I would guess probably not fully configured. You should also be using the SBS DHCP for the clients, not the router DHCP. The server should always only point to itself for DNS, and you should have DNS forwarders configured for external internet resolution. AD relies heavily on DNS to function correctly.

Get this straightened out first.
 
Upvote 0 Downvote
I made an error when I entered in the server information. The server is pointing to itself for DNS. Also, I am using static internal IP's so there is no DHCP running period.
 
Upvote 0 Downvote
It should also be noted that the branch office pc's can browse the web w/o problem using the SBS server for DNS
 
Upvote 0 Downvote
Thanks for the guide. Couple of questions...Do I need to enter the the "DNS Suffix for this Connection" under DNS properties on the branch office client machine to the local domain name? I did not have to do that for joining any of the corp. office client machines. Also, does the "Use this connections DNS suffix in DNS registration" need to be checked? Again, I did not use this setting for joining the local clients.

I have also noticed that the branch office client machines that I am trying to connect are not registered in Forward Lookup Zones -> "My domain". Should they be here, or are they not entered in this area until after they join the domain. There is also not a subnet for the branch office setup under Reverse Lookup Zones. I.E. there is folder for 192.168.1.x but not 192.168.2.x.

Thanks for tips so far, any additional suggestions will be appreciated.
 
Upvote 0 Downvote
It should be noted that I cannot load the page or the page from the branch office client pc's. I have also tried connecting to these pages with the SBS's box internal IP address without success
 
Upvote 0 Downvote
I can't add remote machines through a Cisco PIX even though VPN works great either. I can ping, my internal DNS is set to point to the server and the forwarders are set correctly. I can remotely administer any machines either outside the PIX with Remote desktop. I'm pretty sure port 3389 is open but I'm also not sure how to check it in the PIX or my hardware firewall.

The biggest problem is when a new employee comes in to a remote site I can add them to AD but I have to go out the the site to add them to the local machine. I'd like to find a way to remotely admin them with built in utilities.
 
Upvote 0 Downvote
Goto My Computer > Properties > Remote Tab and enable 'Remote Desktop'. Totally different (same protocol) than remote assistance. You can't do this remotely.

Another thing that is good for remote admin is goto your PC's 'computer management' MMC and pull-down the 'Action' menu to 'Connect to another computer'.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
373
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
136
ADB100
ADB100
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
116
StevenFromSouth
StevenFromSouth
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
336
fredmartinmaine
fredmartinmaine
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
108
RRankin355
RRankin355

Part and Inventory Search

Sponsor

Back
Top