-
2
- #1
johngarland
IS-IT--Management
I finally got it all figured out - the fix to numerous problems here on the forum:
Setup the VPN connection with Windows 2000.
Use ISA to configure the VPN, activate the RRAS, etc.
On server be sure that DHCP or static pool is active. If you are using a router, be sure that your server is in the same subnet or is handled with routing (if router assigns your I.P when you connect, you need to be able to reach your server's I.P.)
I had only minor difficulty setting up the initial VPN, the first problem was that I had set "allow dial up access/VPN" properly, HOWEVER the rule said that if the user properly authenticated DO NOT allow access! Why this was the default I don't know... anyhow. Changed and my client connected without difficulty. Also had initial problem with DHCP - had just installed a new Linksys Router - accidentally left DHCP running. Everything working, but no script running, no access to network, (without manually browsing to known locations \\server\share\ no access to Internet. For the logon script to run, you MUST be logging into the domain. You can of course "cheat" and create a local copy of the script in the startup folder to run on boot, but that isn't a true solution. If you modify the default logon script and users are in a different state it isn't practical to have them come in and you manually modify their script. You want THE copy on THE server in the netlogon folder to run.
The simple but not intuitive fix for the problem is this:
Connect via the ISP, through dialup, DSL, cable, etc. Establish the VPN.
Add the client to the domain - just as you would any other computer. Alternatively you can pre-add the computername to the domain via RDP or locally on the server before trying it remotely. (if you don't want to give special access to users). You should receive a welcome message just as you would on the local network. Modify the VPN connection to dial your ISP FIRST if you are on a dialup connection. (not needed if you are using cable/dsl with home router) Reboot. When you logon, Choose Details/Advanced. Check the checkbox which says "use dialup to logon". A list of VPN connections/dialup connections should appear - choose your VPN connection. It should first dial your ISP - you will need to type in the username and password manually (as it assumes that you have one username/password for all connections) As soon as you are connected to the ISP, the VPN should connect and allow you to login to the domain. Your logon script should be processed, you should be able to use the network in every way which you would locally.
I have tested Exchange, and it works beautifully.
The only small detail I have left is wether you will need proxy or ISA client on the workstation (to use the Internet while connected). My thought on this is yes. I have tried to install the firewall client on my machine, but it hangs on my slow dialup connection. When I synchronize and then try to install offline, it gives me an error saying it was interrupted (which is was not).
I have read other posts saying they could browse the Internet, I cannot. Two different SBS2000 servers, both act the same way. I tried setting up the proxy server manually in IE, but it says that it doesn't apply to VPN connections. I am uncertain what this means. Does it mean that even though you explicitly set the proxy server's internal I.P. that it will ignore it, even though the workstation can access that I.P. while connected via the VPN? Anyone with a definite solution here please post!
Setup must be the following:
VPN + ISA or Proxy on remote network.
Hope this helps!
Took me several DAYS of work to get this working. All very simple now that it is complete.
Now if only I could figure out how to get that CellPipe DSL router to work with RRAS...
Setup the VPN connection with Windows 2000.
Use ISA to configure the VPN, activate the RRAS, etc.
On server be sure that DHCP or static pool is active. If you are using a router, be sure that your server is in the same subnet or is handled with routing (if router assigns your I.P when you connect, you need to be able to reach your server's I.P.)
I had only minor difficulty setting up the initial VPN, the first problem was that I had set "allow dial up access/VPN" properly, HOWEVER the rule said that if the user properly authenticated DO NOT allow access! Why this was the default I don't know... anyhow. Changed and my client connected without difficulty. Also had initial problem with DHCP - had just installed a new Linksys Router - accidentally left DHCP running. Everything working, but no script running, no access to network, (without manually browsing to known locations \\server\share\ no access to Internet. For the logon script to run, you MUST be logging into the domain. You can of course "cheat" and create a local copy of the script in the startup folder to run on boot, but that isn't a true solution. If you modify the default logon script and users are in a different state it isn't practical to have them come in and you manually modify their script. You want THE copy on THE server in the netlogon folder to run.
The simple but not intuitive fix for the problem is this:
Connect via the ISP, through dialup, DSL, cable, etc. Establish the VPN.
Add the client to the domain - just as you would any other computer. Alternatively you can pre-add the computername to the domain via RDP or locally on the server before trying it remotely. (if you don't want to give special access to users). You should receive a welcome message just as you would on the local network. Modify the VPN connection to dial your ISP FIRST if you are on a dialup connection. (not needed if you are using cable/dsl with home router) Reboot. When you logon, Choose Details/Advanced. Check the checkbox which says "use dialup to logon". A list of VPN connections/dialup connections should appear - choose your VPN connection. It should first dial your ISP - you will need to type in the username and password manually (as it assumes that you have one username/password for all connections) As soon as you are connected to the ISP, the VPN should connect and allow you to login to the domain. Your logon script should be processed, you should be able to use the network in every way which you would locally.
I have tested Exchange, and it works beautifully.
The only small detail I have left is wether you will need proxy or ISA client on the workstation (to use the Internet while connected). My thought on this is yes. I have tried to install the firewall client on my machine, but it hangs on my slow dialup connection. When I synchronize and then try to install offline, it gives me an error saying it was interrupted (which is was not).
I have read other posts saying they could browse the Internet, I cannot. Two different SBS2000 servers, both act the same way. I tried setting up the proxy server manually in IE, but it says that it doesn't apply to VPN connections. I am uncertain what this means. Does it mean that even though you explicitly set the proxy server's internal I.P. that it will ignore it, even though the workstation can access that I.P. while connected via the VPN? Anyone with a definite solution here please post!
Setup must be the following:
VPN + ISA or Proxy on remote network.
Hope this helps!
Took me several DAYS of work to get this working. All very simple now that it is complete.
Now if only I could figure out how to get that CellPipe DSL router to work with RRAS...
