Re: Virtual LAN Problem
From: Liam (Liam_at_discussions.microsoft.com)
Date: 03/16/05
- Next message: Eric_Hartley: "SBS Monitoring installed on Full version Server 2003"
- Previous message: Fec: "Re: Cannot connect to own pc via RWW"
- In reply to: Joe: "Re: Virtual LAN Problem"
- Next in thread: Marina Roos [SBS-MVP]: "Re: Virtual LAN Problem"
- Reply: Marina Roos [SBS-MVP]: "Re: Virtual LAN Problem"
- Reply: Joe: "Re: Virtual LAN Problem"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 16 Mar 2005 07:21:01 -0800
Hi Joe,
Yes I agree: "We are all learning together"...and I have this problem 95%
complete!
I must say that you were bang on Joe. I DID have to use DHCP from the
Gateway device and MANUAL DNS settings to get it to work. Good work.
Part of the problem here was describing what it was that we wanted. I wanted
my users at the remote site to be able to log in just as if they were in our
head office. Isn't this a virtual LAN and NOT a VPN connection? I have VPN
software with the Gateway that worked fine but the whole purpose of buying
the second Gateway was to have seamless LAN connectivity. Are these
considered the same thing? I don't think so but many people I have talked to
want to use the VPN idea as a VLAN...not quite the same, but I am not sure.
Anyway, here is my sordid story:
After 4 or 5 days of mucking around with this problem, I had intermittent
connectivity with the remote LAN and from the remote LAN.
My users could map a drive if and ONLY if they had been part of the domain
BEFORE they went to the remote site and even that connectivity was sketchy.
So I bit the bullet and paid $249 CDN to Microsoft support and I must say I
was impressed by their help.
The issue is not 100% resolved yet but here is much of the solution.
First, my Symantec Gateway Security router model 360R did not have a stable
tunnel. It collapsed after trying to allow it to have a remote DNS address
entered into its field under WAN--> Advanced-->Remote LAN.
Also the router would hang and everybody and their aunt would get 169
address at the remote site until I re-booted the device. The reason was not
apparent because the tunnel status at both routers was showing: "ENABLED"
Which to me meant we had a good tunnel. Actually it is supposed to say:
"CONNECTED"
I only found this out (the collapsed tunnel that is) after being on the
phone with MS and Symantec support...a total of 5 people over two continents
and three countries!
All working together...gotta love the comm links nowadays.
So once we had a stable tunnel we now had to let the MS product do its stuff.
I was told to do the following:
1. Confirm a decent tunnel by pinging the remote site's internal address. Success
2. Confirm a decent tunnel by pinging the remote site internal clients. Success
3. Allow the remote gateway device to manage DHCP. Success
4. Clients at the remote site must do the following:
   Go to TCP/IP properties--> Advanced--> DNS tab
   Enter the remote DNS IP Address in the top box labeled:
   "DNS Server Address, in order of use"
   At the bottom of the same tab in the box labeled:
   "DNS Suffix for this connection:" enter the Domain Name
   MyDomain.local
Once I had done this, I connected my Laptop (The one that is ALREADY part of
the Domain) and mapped my User folder on the SBS2003 machine
(\\SERVER_Name\Share_name\Share). It was slow but successful.
Then I tried to populate the My network places-->Ms Network-->MyDomain
After the now common sinking feeling (about 5 FULL minutes) the SBS server
showed on the right screen panel of Explorer...but no other machines. Boo!
But I had full access to the files shares on the SBS box! WOOPEE! I won't
be fired!
I continued to refresh the page to no avail. All I could see was my PC and
the Server in the list. So I collapsed the explorer tree all the way to the
My Computer Icon. Hit refresh a few times and slowly opened the My Network
Places.
All the PC's at the Headquarters site populated!
So it was a DNS problem compounded by the collapsing tunnel.
Now I believe my problem is 95% complete.
I went to one of the remote PC's running XP Home edition. This has never
been part of our domain. First I pinged the remote internal IP address of the
server and some other clients. Success!
Next I mapped a drive (\\PC_Name\Share_name\Share). Slowly it came up but
only after I was logged in as administrator. Then it timed out. (I don't have
the exact error message. It was late and time for dinner.)
So my last kick at the can was to try and connect the XP Home machine to the
network.
No luck...it wouldn't see the domain. boo!hiss!
So that is where I am at.
Connectivity to the remote site, and vice versa but unable to join the
domain from the remote site. I will probably get that one going on Thursday
as I am offsite today.
I must say I was very impressed with Microsoft's support services. It was
expensive but they threw all their resources at this problem, were patient as
I tried to get my tunnel running and spent at least 5 hours on the phone with
me. They were never condescending or pushy and until my problem is resolved, I
don't pay.
Thanks for your help Joe. I think I did learn a lot and I will post the final
resolutions when I figure them out.
Liam
"Joe" wrote:
> In message <FA67E72B-B835-4B41-9C36-1CB17083F70A@microsoft.com>, Liam
> <Liam@discussions.microsoft.com> writes
> >Hi Joe, Sorry about the delay getting back to you. I really appreciate this
> >help.
> >
> >The clients are mainly XP Pro but one W2K.
> >In the ipconfig, the remote machines are getting both IP and DNS from the
> >router gateway device.
> >1. I tried disabling DHCP service on the device and then no one in the
> >office could get internet.
> >2. So I disabled DHCP (again) and put the DNS from the SBS into the allotted
> >field on the gateway device. Again no luck.
> >3. I re-enabled DHCP and left the SBS DNS address on the device. No luck.
> >4. I re-enabled DHCP on the device, left the DNS field on the device blank
> >and I was back at square one: Internet=YES Domain access=NO.
> >
> >In the past, one user managed to use \\server_name\shared_resource to access
> >a folder but this has since gone away! Perhaps that fumbling in the dark you
> >mentioned.
> >
> >My next steps are as follows:
> >Hard code the DNS and WINS address into the remote client.
> >Talk to Symantec to ensure I have a good tunnel (again)(I have been digging
> >away in there)
> >Try to determine if SBS is dishing up DNS to remote clients <---HOW do I do
> >this??
>
> If web browsing (or name resolution generally. Can you ping well-known
> Internet sites by name? Remember that some don't reply to pings) works
> on the clients, they must be getting DNS information from somewhere. If
> their ipconfig shows the only DNS server to be SBS, they must be getting
> it from there. I can't think of a simpler way to check.
> >
> >Am I on the right road?
> >
> I think so. Clients of SBS *must* use SBS for DNS, there are other
> things tied in here. (No, nobody seems quite sure what, only that many
> things break if you don't do it). If the VPN link cannot do this
> automatically, then you must do it manually. You can still accept IP
> addresses by DHCP but have manual DNS settings. If SBS supplies DHCP
> then it knows what clients it has, and where to find them, otherwise it
> may not.
>
> Basically, if the server does not know the client IP addresses, it will
> have trouble communicating with them. There are protocols for using
> broadcasts to find machines, but Microsoft are in the process of moving
> from one system to another, and nobody seems to know how heavily SBS
> relies on old technology. DHCP generally works for one subnet, whereas
> VPN must use two subnets if the routing is to work. In NT4 days, routers
> might or might not have the facility to pass DHCP information across
> different subnets. That job here would be done by the VPN hardware *if*
> it is done at all. Probably not.
>
> I still think you need to know first if the clients can ping the SBS,
> and vice versa. If the clients cannot do this, they cannot use DNS or
> anything else from the SBS. If the SBS cannot ping the clients, it
> cannot reply to their DNS requests.
>
> I think this is a difficult area. Probably most experience of VPN
> working is with SBS as the VPN endpoint, and only one client at each
> remote location. I have only used VPN this way, not using VPN-enabled
> routers. I think nobody has jumped in to correct me because nobody else
> is experienced with this type of VPN either. I have recently needed to
> use a VPN between a Windows client and SBS to enable communication
> between other devices, and I could not get help here on doing that.
> (Yes, I've worked it out).
>
> We're all learning together. I'm trying to use this VPN to link
> commercial VOIP equipment. The dealer selling it assured us it would
> work, but seem at a loss as to the details, particularly of IP routing.
> Maybe we can tell them, when we figure it out.
> --
> Joe
>
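
The ipconfig check discussed in this thread (SBS as the first and only DNS server, the domain as the connection's DNS suffix, no 169.254 addresses) can be automated. The following is an added example, not part of the original posts; the function names, the sample output and the SBS address 192.168.1.2 are assumptions made for illustration.

```python
import re
# Constructed `ipconfig /all` excerpt for a remote-site client; every
# address and name here is made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : MyDomain.local
        IP Address. . . . . . . . . . . . : 192.168.2.50
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.2.1

Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.17.3
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:(?: (.*))?$")

def parse_ipconfig(text):  # -> {adapter: {field: [values]}}
    adapters, current, last = {}, None, None
    for line in (r.rstrip() for r in text.splitlines() if r.strip()):
        if not line[0].isspace():  # section header, e.g. "Ethernet adapter X:"
            current = adapters.setdefault(line[:-1], {}) if line.endswith(":") else None
            last = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                current[last] = [m.group(2)] if m.group(2) else []
            elif last:  # wrapped value line, e.g. a second DNS server
                current[last].append(line.strip())
    return adapters

def check_adapter(fields, sbs_dns, domain):
    problems = []
    ips = [v.split("(")[0] for k, vs in fields.items() if "IP" in k and "Address" in k for v in vs]
    if any(ip.startswith("169.254.") for ip in ips):
        problems.append("169.254.x.x address: no DHCP lease was obtained")
    dns = fields.get("DNS Servers", [])
    if dns[:1] != [sbs_dns]:
        problems.append(f"first DNS server is {dns[:1]}, expected {sbs_dns}")
    elif dns[1:]:
        problems.append(f"extra DNS servers besides SBS: {dns[1:]}")
    suffix = fields.get("Connection-specific DNS Suffix", [])
    if [s.lower() for s in suffix] != [domain.lower()]:
        problems.append(f"DNS suffix is {suffix}, expected {domain}")
    return problems

def audit(text, sbs_dns, domain):
    return {name: check_adapter(f, sbs_dns, domain) for name, f in parse_ipconfig(text).items()}
```

Calling `audit(SAMPLE, "192.168.1.2", "MyDomain.local")` returns a list of findings per adapter; an empty list means the adapter matches the settings described in step 4 of the message.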