RE: IP addresses and VPN

It is working (just) just so verrrry slow, most ping packets fail.

I am getting an error in the SBS server log indicating a master browser
error/conflict, HMGD-SERVER is the remote server on the end of the VPN link.

Error message in log: The master browser has received a server announcement
from the computer HMGD-SERVER that believes that it is the master browser for
the domain on transport NetBT_Tcpip_{89B04738-4350-46. The master browser is
stopping or an election is being forced.

Any guidance would be appreciated.

Thanks, Denis.

"Edward Tian" wrote:

> Hi Denis:
> Thank you for your update.
>
> I am gled to hear everything is working fine now.
>
> It's my pleasure to work with you in this post. If you encounter any
> difficulties in the future, please feel free to let me know, I am standing
> by to help you.
>
> Again, thanks for using newsgroup.
>
> Have a nice day! :)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: IP addresses and VPN
> | thread-index: AcXTZq70ANzLipHCTSC5brHDoZC+hA==
> | X-WBNR-Posting-Host: 212.159.44.244
> | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <BA30032E-FB2C-4FA6-AD8E-0CD78021E643@xxxxxxxxxxxxx>
> <KpDXxqv0FHA.1468@xxxxxxxxxxxxxxxxxxxxx>
> <E195C8DA-1774-4FD7-B673-7270471130F4@xxxxxxxxxxxxx>
> <DD673CB0-DEFB-4050-A1DC-63E7FEE0FB2D@xxxxxxxxxxxxx>
> <DABBE411-017B-4D9B-88AA-588296DB5822@xxxxxxxxxxxxx>
> | Subject: RE: IP addresses and VPN
> | Date: Mon, 17 Oct 2005 15:04:02 -0700
> | Lines: 231
> | Message-ID: <2F7DD8A3-3D8F-4E9B-9A5C-5B56860D5289@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:162149
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | I think that update to the DNS/WINS setting has worked, I have managed to
> log
> | onto the SBS domain (after many tries) and I can access the resources
> | (although only if I persevere). I think it is just a very slow/unstable
> VPN
> | connection problem now.
> |
> | Thanks for your help.
> |
> | "Denis" wrote:
> |
> | > New update: After playing with the DNS and WINS settings I can now get
> the
> | > Remote server (192.168.32.2) to "join" the SBS Domain (192.168.16.2) by
> | > manual config' in the System Properties. However when I try to log on
> to the
> | > domain I always get a DC not available error (is this due to a very
> | > slow/unstable VPN?). If I log on to the local machine account I cannot
> access
> | > any more resources than indicated in earlier messages.
> | >
> | > The remote TZ170 LAN is set to 192.168.32.1
> | > Lan setup on server attached to the remote TZ:
> | > IP Add' 192.168.32.2
> | > Default gateway 192.168.32.1
> | > DNS1 10.0.0.1 (Netgear ADSL router on wan port of TZ)
> | > DNS2 192.168.32.1
> | > WINS 192.168.32.1
> | >
> | > "Denis" wrote:
> | >
> | > > The exact IIS error message:
> | > > HTTP error 403.6 - Forbidden: IP Address of the client has been
> rejected.
> | > >
> | > > "Denis" wrote:
> | > >
> | > > > Thanks for your respnse, a bit of clarification:
> | > > >
> | > > > When I access the SBS network (192.168.16.0...) over the TZ170 VPN
> link from
> | > > > the remote network (192.168.32.0...) I can see the systems in the
> office
> | > > > (via Network Places) however I cannot access any of their
> resources, I can
> | > > > also access the companyweb public page (at address 192.168.16.2)
> but the
> | > > > "connect computer" (to attach a new computer to the network link)
> is
> | > > > unavailable (IIS error 403, IP address not authorised). I can
> access SBS
> | > > > Remote desktop etc.
> | > > >
> | > > > I have added the remote server to the SBS servers list in the
> Manage Server
> | > > > MMC.
> | > > >
> | > > > The remote 2003 server (192.168.32.2) is not in a domain, just a
> workgroup,
> | > > > since I cannot get it to join the domain until I can get the
> "connect
> | > > > computer" link to operate.
> | > > >
> | > > > "Edward Tian" wrote:
> | > > >
> | > > > > Hi:
> | > > > > Thank you for posting here. I am sorry for the delayed response
> due to
> | > > > > weekend. Please understand that the newsgroups are staffed
> weekdays by
> | > > > > Microsoft Support professionals to answer your systems and
> applications
> | > > > > questions. Your understanding is greatly appreciated!
> | > > > >
> | > > > > From the description, I understand that your remote office and
> main office
> | > > > > are connected by site-to-site VPN using two Sonic Wall TZ170
> routers. From
> | > > > > the remote office, you can access the share folders and public
> web page on
> | > > > > the main office, but you cannot access a particular link on the
> companyweb
> | > > > > entry page. If I have misunderstood your concern, please do let
> me know.
> | > > > >
> | > > > > First, can I assume the link you mentioned is "Remote Server
> Management" on
> | > > > > the companyweb entry page which is used to connect to the SBS
> Server via
> | > > > > RDP? (If I am wrong, please send me a screenshot and tell me the
> correct
> | > > > > link) Then, can I assume your SBS Server only has one network
> card with the
> | > > > > IP address 192.168.16.2 and the network diagram looks like the
> following:
> | > > > >
> | > > > > Workstations--|
> | > > > > SBS Server-----|----Router----Internet----Router----Windows
> Server 2003
> | > > > >
> | > > > > Please kindly correct me if my understanding is not accurate.
> | > > > >
> | > > > > First I would suggest you re-run the CEICW Wizard, the wizard
> will help us
> | > > > > configure the networking settings for a SBS server. More info:
> | > > > > 825763 How to configure Internet access in Windows Small Business
> Server
> | > > > > 2003
> | > > > > http://support.microsoft.com/?id=825763
> | > > > >
> | > > > > To narrow down this issue, please help to gather the following
> information:
> | > > > > 1. Please capture a screenshot of the error page (error 403), and
> save it
> | > > > > to a .jpg file, then send this file directly to my mailbox:
> | > > > > v-edtian@xxxxxxxxxxxxx .
> | > > > >
> | > > > > Regarding the error 403 message, it appears that your remote
> client is not
> | > > > > authorized to view this page. I suggest you check the following
> settings:
> | > > > >
> | > > > > a. Go to the SBS Server, open the IIS (Internet Information
> Services)
> | > > > > management console, navigate to Web Sites-> Default Web
> Site->tsweb, right
> | > > > > click it and choose Properties.
> | > > > >
> | > > > > b. Go to the Directory Security tab, click the second Edit button
> under "IP
> | > > > > address and domain name restrictions". By default, all computers
> will be
> | > > > > denied access except the 192.168.16.2 and 127.0.0.1 which
> represents the
> | > > > > SBS Server itself. That is why the remote client was unable to
> access this
> | > > > > link. Please change the option from "Denied access" to "Granted
> access" and
> | > > > > ensure no IP addresses are listed. After modifying the settings,
> please run
> | > > > > "iisreset" from the command prompt (without quotation mark) to
> apply the
> | > > > > settings.
> | > > > >
> | > > > > Then will you be able to access this link?
> | > > > >
> | > > > > 2. Once the VPN connection is established, please type
> "ipconfig/all >
> | > > > > d:\filename.txt" (without quotation mark) on both the server side
> and
> | > > > > remote client side, and send these .txt files to my mailbox for
> further
> | > > > > analysis.
> | > > > >
> | > > > > 3. Does this problem occur on all your remote clients?
> | > > > >
> | > > > > 4. Is your remote server in the same domain of the SBS Server?
> | > > > >
> | > > > > In addition, regarding your concern on the DNS configuration, I
> would like
> | > > > > to provide you the following information:
> | > > > > By default, the order of the DNS query depends on the binding
> order of the
> | > > > > network cards. You can perform the steps below to check the
> binding order:
> | > > > > a. Open the Network Connections.
> | > > > > b. Click Advanced, choose Advanced Settings.
> | > > > > c. Go to the Adapters and Bindings tab, you will find all the
> network cards
> | > > > > are listed under the Connections.
> | > > > >
> | > > > > For example, we suppose that the local network card is listed on
> the top
> | > > > > and the [Remote Access connections] adapter is in the second
> order. Once
> | > > > > the client attempts to resolve a DNS name, it will first send the
> DNS query
> | > > > > packet to the DNS Server which is assigned on your first local
> network
> | > > > > card. If this DNS Server cannot find a matched record, this DNS
> query
> | > > > > packet will be sent to the second DNS Server which is assigned on
> the
> | > > > > Remote Access network adapter (a virtual PPP NIC which is created
> by the
> | > > > > hardware router). In your case, since you are using the hardware
> router to
> | > > > > deploy the site-to-site VPN, if you have configured the router to
> assign a
> | > > > > DNS Server (192.168.16.2) for the PPP NIC, the DNS query packet
> will be
> | > > > > sent to 192.168.16.2 which is the DNS Server on your SBS box.
> Then this DNS
> | > > > > Server will take the responsibility to perform the DNS resolution
> and send
> | > > > > back the correct result to the remote client.
> | > > > >
> | > > > > A workaround is also feasible: You can add the related entry in
> the local
> | > > > > LMHOST file. In this way, the DNS query will first check the
> LMHOST file
> | > > > > and then send to the corresponding DNS Server. This method is
> widely used
> | > > > > to workaround DNS issue in VPN scenario.
> | > > > >
> | > > > > Hope the above information helps. Please feel free to let me know
> if there
> | > > > > is anything I can do for you.
> | > > > >
> | > > > > I look forward to hearing from you.
> | > > > > Have a nice day! :)
> | > > > >
> | > > > > Best Regards
> | > > > > Edward Tian(MSFT)
> | > > > > Microsoft CSS Online Newsgroup Support
> | > > > >
> | > > > > Get Secure! - www.microsoft.com/security
> | > > > > ======================================================
> | > > > > This newsgroup only focuses on SBS technical issues. If you have
> issues
> | > > > > regarding other Microsoft products, you'd better post in the
> corresponding
> | > > > > newsgroups so that they can be resolved in an efficient and
> timely manner.
> | > > > > You can locate the newsgroup here:
> | > > > > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > > > >
> | > > > > When opening a new thread via the web interface, we recommend you
.