Problem remotely connecting to new domain

ThunderChyld

IS-IT--Management
Jul 22, 2004
We have two offices, connected by a VPN.

I am currently in the middle of transferring everyone to our new server & domain (Win2k Advanced Server).

The local office is working perfectly on the new domain. However the remote office has the problems.....

They can ping the new server, they can map shared drives and even use its printer. However when they try and join the domain they get an error - The RPC Server is Unavailable -

I've already checked/tried LOTS of things.....

The RPC service is started and I've stopped and restarted it too.
The firewall between offices isn't blocking/encrypting anything.
The user has full rights to do anything on the server.
I've rebooted everything.
All machines are fully updated/service packed.

The odd part is that when trying to connect with a new machine, the computer gets registered in AD as an account but is disabled.

If I re-enable the account and then try to connect again I get the same error on the client and AD disables the account again.

All my clients are Win XP

The only difference I can see between the two offices is the IP range....local are 192. and remote are 10.2

Could this be part of it and maybe I somewhere have to tell the server that, 'yes, this range is allowed onto the network?'

But if that is the case why does the server let them use shared resources or map its drives?

Thanks for any ideas anyone has.

TC
 
Can you telnet to your DC from your clients on port 53 to check DNS connectivity?
 
Thanks for the reply.

I can telnet to the DC using default port (23?) but not using 53.

Does this help in narrowing down the problem or does it make it worse?
 
You need to allow DNS traffic between the 2 offices, and check your VPN, because all the IPsec traffic needs to be encapsulated. Another tip is to install a WINS server to help the name resolution.
 
Thanks for that.

Had already checked vpn and it's open for ALL traffic.

When you say encapsulated do you mean encrypted?

And will try WINS in the morning.

Thanks coco

TC
 
Sorry for my English. When I say encapsulated I mean passthrough settings in the firewall for IPsec connections; this is to be sure all the ports are open for the VPN.

Another tip: on the Microsoft site, check for domain through VPN and you have there a complete list of the ports you need to open.
 
Check this too: RPC locator needs this port, 135.

But I insist, if the VPN is fine the firewall never blocks ports.
 
Hi coco

Thanks for your help again.

I've checked with our ISP and the VPN is set to let ALL traffic through so therefore open ports are not the problem.

What still puzzles me is why when they try to connect does it get all the way to AD but then AD disables the account and refuses to let them in??

Thanks
 
How do you configure your DNS?
Are the 2 offices in the same domain?

Hope this helps
coco10
 
Have checked event log a few times but there's never been any relevant messages.

I've come to the conclusion that it's definitely a DNS problem. So I intend to reconfigure this over the weekend and hopefully have everything working for Monday morning.

Thanks again coco and I'll reply again on Monday to let you know how I got on.
 
A tip from my experience is to try to use 2 DNS servers with AD-integrated zones, 1 in the remote office and the other in your office.
 
I have the same problem. Till today I didn't have to think about it. Now I do. So first: you don't have to care about ports. They are all unblocked because you have a connection through the VPN. It allows traffic between remote locations. The thing that should be done is to force Kerberos to use TCP rather than UDP. This requires putting a key and value into the registry on the server and workstations. I can write those keys when someone writes to me. I'll see if the forum works. This is my first post.
My VPN connection and domain work fine. Login on remote locations works a little slower than inside.
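
An added example, not part of any post in this thread: a Python script that repeats the thread's telnet-style check across the TCP ports a domain join depends on, and separates a refused connection (host reached, nothing listening) from no answer at all. Ports 53 and 135 come from the thread; 88 (Kerberos), 389 (LDAP), 445 (SMB) and the names `probe`, `check_dc` and `blocked` are assumptions added here.

```python
import socket
import sys

# TCP services a client contacts on a domain controller during a join.
# 53 and 135 are named in the thread; 88, 389 and 445 are added here
# (assumption: the DC uses the default port assignments).
DC_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (refused: host reached, nothing listening)
    or 'unreachable' (timeout, no route, or the name did not resolve)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and socket.gaierror
        return "unreachable"
    finally:
        s.close()


def check_dc(host, ports=DC_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


def blocked(results):
    """Ports that are not 'open', sorted; an empty list means all answered."""
    return sorted(p for p, (_, state) in results.items() if state != "open")


if __name__ == "__main__":
    # Usage: python dc_ports.py <dc-hostname-or-ip>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    res = check_dc(target)
    for port, (name, state) in sorted(res.items()):
        print(f"{port:>5}/tcp  {name:<20} {state}")
    print("not open:", blocked(res) or "none")
```

Port 135 only hands out the dynamic port the RPC service actually listens on, so an open 135 does not by itself show that the follow-up RPC connection can get through; DNS and Kerberos also use UDP, which this TCP check does not exercise.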
 