Join PCs to a Windows domain at remote site

thesame

MIS
May 14, 2002
We have a small branch where they have 4 PCs. It's a waste to place a Windows server in the branch, so I'm looking at the possibility of including these 4 PCs in the Windows 2000 domain at our head office.

Remote branch:
192.168.2.0
255.255.255.0

Head Office:
192.168.1.0
255.255.255.0

The branch office and head office are connected with E10 that should provide enough bandwidth for this kind of connection (I assume).

Any suggestion is greatly appreciated!!!
 
What's 'E10'?

Jeff Warmuth
MCSE, CNE
ICQ 129152989
 
It's our upgrade from T1. With E10, we have 10MB pipes between our branch companies.
 
The best way I can think of is to create a VPN connection from your branch office or a direct link, which you might already have.

Have a permanent tunnel over the link and allow the branch office access to the Domain.

This URL should help more.

Regards,

Pinhead.
 
Thank you Pinhead!!!

We are already able to "talk" between every 2 of our branches. The E10 has enabled the inter-branch routing for us :)

The problem seems to be that the PC can't reach the remote domain controller by its NetBIOS name. It is the same situation here: from our head office, I can PING any other PC's IP in our WAN; however, I can't PING their computer names.

I've spent time searching previous posts on similar topics. It looks like some fellows can join PCs to a remote domain if both sites use the same IP subnet. Is the SAME SUBNET really a must?
 
See if changing your subnet mask helps. You may have to change IP addresses to a 10.0.0.0 range. The 192.168.0.X range with a 255.255.255.0 class only allows 254(6) hosts.
Try changing your subnet mask to 255.255.248.0. This will allow for 192.168.X.X to be seen.

You may need to change to a 10.0.X.X range with a subnet mask of 255.255.252.0 or 255.255.248.0 depending on how many branch offices and also for expansion.

*******************
However upon reading your post again, this would be a waste of time because you can already ping the machines.
Sorry :)
*******************

Also check your WINS settings and DNS settings on the remote clients. Do they have correct DNS and WINS?

You may need to manually change the LMHOSTS file on the remote PCs to force them to know the IP/name of the controller.

Hope this helps.

Regards,

Pinhead.
 
Before I change our IP schema, I will have to do more experiments. It won't be easy for us to go that direction; I will first prove the change will enable us to connect remote PCs into one of our Windows domains.

I'll get back after I find out...

Thanks again Pinhead!
 
Yes, I do need help on this issue!

Any suggestions, Mr Money Matters?
 
Well, like someone else mentioned earlier, it is DNS related. I don't think you should change your subnet yet; I don't see how that will help. So let's start from the beginning.
You said you can ping anything from anywhere, is that correct?
I think you even said that while using a computer from your main office you can't ping any computers at your other branch using NetBIOS names?
First, can you ping any computers at all using the FQDN?
Try that and let me know.
Also, how many subnets do you have set up under AD Sites, and what are they?
 
From our head office, I can ping every remote computer with its IP, not its DNS name or FQDN.

I have only one subnet at each branch (geography site). In our head office, I use 192.168.1.0/16. In one of the branches, I use 192.168.2.0/16.

Since you mentioned the DNS issue, I can probably show you how I set up PCs in the remote branch.

One of the Windows 2000 computers has the following setup:

IP: 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.200 (ADSL router, for their Internet)
DNS: 192.168.2.200

In the head office, our Windows domain controller is set up like this:

IP: 192.168.1.2
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.200 (ADSL router)
DNS: 192.168.1.2
192.168.1.200

Is there any further way to verify I got DNS set up correctly?
 
Your remote computer is set to use DNS server 192.168.2.200, which is the ADSL router. Well, when that computer boots up it doesn't know how to contact the DC. If your domain controller is the DNS server also, put that server's IP in the DNS setting on the client.

I need to understand a little more about your connection to the branch. Does the branch just have one connection that goes through the dsl router back to you?
 
Your computer has to use that DC for DNS, or you will never be able to join that domain.
 
If I understand you correctly, I need to set up the PC as the following:

IP: 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.200 (ADSL router, for their Internet)
DNS: 192.168.1.248

The DNS looks a little strange, because it's on a different subnet from the computer itself and the Gateway. But I will give it a try :) That's also the reason I asked whether I should keep one same subnet for all the branches (sites).



The Inter-branch traffic is set up on the Cisco routers, configured by our E10 provider. But I set up fairly complicated routings on our ADSL router to differentiate internal (ie Inter-branch) and external (Internet) traffic. The reason is we give only 1 gateway on each computer, and it's the ADSL router's IP. The ADSL router has to know how to direct traffic to Internet if the users request Google or CNN.

Hope the above looks clear...
 
DNS: 192.168.1.248

Should be

DNS: 192.168.1.2
 
That's what I suggest trying. See, if you use your ADSL router as the DNS, it is going to forward it to the Internet. Your router is not aware of your DNS server. So, point that workstation to the server for DNS. Then your router will send that traffic to the server first; if the server isn't able to resolve it, it will then send it to the forwarder servers (ISP). If your DNS traffic is directed to the server first, then you will be able to join it to the domain. Next, your workstation will update the DNS zone with its record, making it pingable using its name.

Hope this helps.
 
You are the MAN, MRMONEYMATTERS!!!!! This has proven to be a workable setting. I have included one of the remote computers into my domain here. It works like a charm!

It has been a conceptual mistake that GATEWAY and DNS have to be in the same subnet as the computer itself.

IP: 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.2.200 (ADSL router, for their Internet)
DNS: 192.168.1.2

Next, I need to figure out how the Internet traffic is directed by this setting. Obviously the remote computer checks the DC in the head office for name resolution. But I hope the real surfing still flows through its local ADSL router. Do you have any idea on this?

Thank you thank you thank you...
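
As an added example (not part of the original posts), the working setting above can be checked with Python's `ipaddress` module: a DNS server on another subnet is fine because it is reached through the gateway, while the gateway itself must be on-link. The addresses come from the thread; `203.0.113.10` is a constructed stand-in for an Internet host, and the function names are hypothetical.

```python
import ipaddress

def next_hop(host_ip, netmask, gateway, dest):
    """Return 'on-link' if dest is in the host's own subnet, else the gateway IP.

    Raises ValueError when the gateway is outside the host's subnet, since the
    host could never deliver a frame to it.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError(f"gateway {gw} is not on-link for {iface.network}")
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"
    return str(gw)

def plan(host_ip, netmask, gateway, dests):
    """Map each named destination to the first hop the host will use."""
    return {name: next_hop(host_ip, netmask, gateway, ip)
            for name, ip in dests.items()}

# Branch PC settings from the thread; the Internet host is a constructed sample.
DESTS = {
    "DC / DNS server": "192.168.1.2",
    "local ADSL router": "192.168.2.200",
    "Internet host (sample)": "203.0.113.10",
}

if __name__ == "__main__":
    # Compare the mask actually configured with the /16 mentioned in the thread.
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(f"mask {mask}")
        for name, hop in plan("192.168.2.10", mask, "192.168.2.200", DESTS).items():
            print(f"  {name:24} -> {hop}")
```

With the 255.255.255.0 mask, both the DNS queries to 192.168.1.2 and the sample Internet traffic leave the PC through 192.168.2.200, so where each goes next is decided by the routes on that router. With a 255.255.0.0 mask the PC would treat 192.168.1.2 as on-link and never hand the packet to the router.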
 
I am glad I could help. You will probably have to use tracert to find out where you are getting out to the net. My first guess is you are using the main branch for internet. I need to know a little more.

Now, from what I can tell, you are running some kind of transparent LAN. That means your branches are just connected to the provider and they are doing the routing for you. Is this correct? Do you have only one physical connection at each location?
 
We pay for our inter-branch communication on a usage basis. My boss definitely doesn't want to see a larger bill next month...
 