Re: Virtual LAN Problem

From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 03/16/05


Date: Wed, 16 Mar 2005 17:18:50 +0100

Hi Liam,

Great story.

But you do know that XP Home can't really join a domain, right?

-- 
Regards,
Marina
Microsoft SBS-MVP
One of the Magical M&M's
"Liam" <Liam@discussions.microsoft.com> wrote in message
news:237DDA34-3581-4A9E-8E63-53E029E072EA@microsoft.com...
> Hi Joe,
>
> Yes I agree: "We are all learning together"...and I have this problem 95%
> complete!
>
> I must say that you were bang on Joe. I DID have to use DHCP from the
> Gateway device and MANUAL DNS settings to get it to work. Good work.
>
> Part of the problem here was describing what it was that we wanted. I wanted
> my users at the remote site to be able to log in just as if they were in our
> head office. Isn't this a virtual LAN and NOT a VPN connection? I have VPN
> software with the Gateway that worked fine but the whole purpose of buying
> the second Gateway was to have seamless LAN connectivity. Are these
> considered the same thing? I don't think so but many people I have talked to
> want to use the VPN idea as a VLAN...not quite the same, but I am not sure.
> Anyway, here is my sordid story:
>
>
> After 4 or 5 days of mucking around with this problem, I had intermittent
> connectivity with the remote LAN and from the remote LAN.
> My users could map a drive if and ONLY if they had been part of the domain
> BEFORE they went to the remote site and even that connectivity was sketchy.
>
> So I bit the bullet and paid $249 CDN to Microsoft support and I must say I
> was impressed by their help.
>
> The issue is not 100% resolved yet but here is much of the solution.
>
> First, my Symantec Gateway Security router model 360R did not have a stable
> tunnel. It collapsed after trying to allow it to have a remote DNS address
> entered into its field under WAN--> Advanced-->Remote LAN.
>
> Also the router would hang and everybody and their aunt would get a 169
> address at the remote site until I re-booted the device. The reason was not
> apparent because the tunnel status at both routers was showing: "ENABLED"
> Which to me meant we had a good tunnel. Actually it is supposed to say:
> "CONNECTED"
> I only found this out (the collapsed tunnel that is) after being on the
> phone with MS and Symantec support...a total of 5 people over two continents
> and three countries!
> All working together...gotta love the comm links nowadays.
>
> So once we had a stable tunnel we now had to let the MS product do its stuff.
> I was told to do the following:
>
> 1. Confirm a decent tunnel by pinging the remote site's internal address.
>    Success
> 2. Confirm a decent tunnel by pinging the remote site internal clients.
>    Success
> 3. Allow the remote gateway device to manage DHCP. Success
> 4. Clients at the remote site must do the following:
>      Go to TCP/IP properties--> Advanced--> DNS tab
>      Enter the remote DNS IP Address in the top box labeled:
>      "DNS Server Address, in order of use"
>      At the bottom of the same tab in the box labeled:
>      "DNS Suffix for this connection:" enter the Domain Name
>      MyDomain.local
>
> Once I had done this, I connected my Laptop (The one that is ALREADY part of
> the Domain) and mapped my User folder on the SBS2003 machine
> (\\SERVER_Name\Share_name\Share). It was slow but successful.
> Then I tried to populate the My network places-->Ms Network-->MyDomain
> After the now common sinking feeling (about 5 FULL minutes) the SBS server
> showed on the right screen panel of Explorer...but no other machines. Boo!
> But I had full access to the file shares on the SBS box! WOOPEE! I won't
> be fired!
>
> I continued to refresh the page to no avail. All I could see was my PC and
> the Server in the list. So I collapsed the explorer tree all the way to the
> My Computer Icon. Hit refresh a few times and slowly opened the My Network
> Places.
> All the PCs at the Headquarters site populated!
>
> So it was a DNS problem compounded by the collapsing tunnel.
>
> Now I believe my problem is 95% complete.
> I went to one of the remote PCs running XP Home edition. This has never
> been part of our domain. First I pinged the remote internal IP address of the
> server and some other clients. Success!
> Next I mapped a drive (\\PC_Name\Share_name\Share). Slowly it came up but
> only after I was logged in as administrator. Then it timed out. (I don't have
> the exact error message. It was late and time for dinner.)
> So my last kick at the can was to try and connect the XP Home machine to the
> network.
> No luck...it wouldn't see the domain. Boo! Hiss!
>
> So that is where I am at.
> Connectivity to the remote site, and vice versa but unable to join the
> domain from the remote site. I will probably get that one going on Thursday
> as I am offsite today.
>
> I must say I was very impressed with Microsoft's support services. It was
> expensive but they threw all their resources at this problem, were patient as
> I tried to get my tunnel running and spent at least 5 hours on the phone with
> me. They were never condescending or pushy and until my problem is resolved, I
> don't pay.
>
> Thanks for your help Joe. I think I did learn a lot and I will post the final
> resolutions when I figure them out.
>
> Liam
>
> "Joe" wrote:
>
> > In message <FA67E72B-B835-4B41-9C36-1CB17083F70A@microsoft.com>, Liam
> > <Liam@discussions.microsoft.com> writes
> > >Hi Joe, Sorry about the delay getting back to you. I really appreciate this
> > >help.
> > >
> > >The clients are mainly XP Pro but one W2K.
> > >In the ipconfig, the remote machines are getting both IP and DNS from the
> > >router gateway device.
> > >1. I tried disabling DHCP service on the device and then no one in the
> > >office could get internet.
> > >2. So I disabled DHCP (again) and put the DNS from the SBS into the allotted
> > >field on the gateway device. Again no luck.
> > >3. I re-enabled DHCP and left the SBS DNS address on the device. No luck.
> > >4. I re-enabled DHCP on the device, left the DNS field on the device blank
> > >and I was back at square one: Internet=YES Domain access=NO.
> > >
> > >In the past, one user managed to use \\server_name\shared_resource to access
> > >a folder but this has since gone away! Perhaps that fumbling in the dark you
> > >mentioned.
> > >
> > >My next steps are as follows:
> > >Hard code the DNS and WINS address into the remote client.
> > >Talk to Symantec to ensure I have a good tunnel (again)(I have been digging
> > >away in there)
> > >Try to determine if SBS is dishing up DNS to remote clients <---HOW do I do
> > >this??
> >
> > If web browsing (or name resolution generally. Can you ping well-known
> > Internet sites by name? Remember that some don't reply to pings) works
> > on the clients, they must be getting DNS information from somewhere. If
> > their ipconfig shows the only DNS server to be SBS, they must be getting
> > it from there. I can't think of a simpler way to check.
> > >
> > >Am I on the right road?
> > >
> > I think so. Clients of SBS *must* use SBS for DNS, there are other
> > things tied in here. (No, nobody seems quite sure what, only that many
> > things break if you don't do it). If the VPN link cannot do this
> > automatically, then you must do it manually. You can still accept IP
> > addresses by DHCP but have manual DNS settings. If SBS supplies DHCP
> > then it knows what clients it has, and where to find them, otherwise it
> > may not.
> >
> > Basically, if the server does not know the client IP addresses, it will
> > have trouble communicating with them. There are protocols for using
> > broadcasts to find machines, but Microsoft are in the process of moving
> > from one system to another, and nobody seems to know how heavily SBS
> > relies on old technology. DHCP generally works for one subnet, whereas
> > VPN must use two subnets if the routing is to work. In NT4 days, routers
> > might or might not have the facility to pass DHCP information across
> > different subnets. That job here would be done by the VPN hardware *if*
> > it is done at all. Probably not.
> >
> > I still think you need to know first if the clients can ping the SBS,
> > and vice versa. If the clients cannot do this, they cannot use DNS or
> > anything else from the SBS. If the SBS cannot ping the clients, it
> > cannot reply to their DNS requests.
> >
> > I think this is a difficult area. Probably most experience of VPN
> > working is with SBS as the VPN endpoint, and only one client at each
> > remote location. I have only used VPN this way, not using VPN-enabled
> > routers. I think nobody has jumped in to correct me because nobody else
> > is experienced with this type of VPN either. I have recently needed to
> > use a VPN between a Windows client and SBS to enable communication
> > between other devices, and I could not get help here on doing that.
> > (Yes, I've worked it out).
> >
> > We're all learning together. I'm trying to use this VPN to link
> > commercial VOIP equipment. The dealer selling it assured us it would
> > work, but seem at a loss as to the details, particularly of IP routing.
> > Maybe we can tell them, when we figure it out.
> > -- 
> > Joe
> >
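
The ipconfig check discussed in the thread (the only DNS server should be the SBS, the connection suffix should be the domain, and a 169 address means no DHCP lease), as an added example that is not part of the original posts. The sample output and the SBS address 192.168.1.2 are constructed; only MyDomain.local comes from the thread.

```python
import ipaddress
import re

# Constructed sample of XP-style `ipconfig /all` output; every address here is made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : MyDomain.local
        IP Address. . . . . . . . . . . . : 192.168.2.50
        DNS Servers . . . . . . . . . . . : 192.168.1.2

Ethernet adapter Wireless:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.17.3
        DNS Servers . . . . . . . . . . . : 192.168.2.1
                                            192.168.1.2
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")   # self-assigned range used when DHCP fails
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")  # "Name . . . : value" (IPv4 values only)

def parse_adapters(text):
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = m.group(1).strip()
            current[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif current is not None and line.strip() and last:
            current[last].append(line.strip())   # continuation line, e.g. a second DNS server
    return adapters

def check(adapter, sbs_dns, domain):
    problems = []
    dns = adapter.get("DNS Servers", [])
    if dns != [sbs_dns]:
        problems.append(f"DNS servers {dns} should be only {sbs_dns}")
    suffix = adapter.get("Connection-specific DNS Suffix", [])
    if [s.lower() for s in suffix] != [domain.lower()]:
        problems.append("DNS suffix is not " + domain)
    for key, vals in adapter.items():
        if key.endswith("IP Address"):
            problems += [f"{v} is a 169.254 address (no DHCP lease)"
                         for v in vals if ipaddress.ip_address(v) in APIPA]
    return problems

def audit(text, sbs_dns, domain):
    return {name: check(a, sbs_dns, domain) for name, a in parse_adapters(text).items()}
```
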

