RE: IP addresses and VPN



Apologies for being dumb, do I have to change the settings to force TCP over
UDP on all machines in the network or just the servers at each end of the VPN
tunnel?

"Edward Tian" wrote:

> Hi Denis:
> Thank you for your reply.
>
> Based on my research, the problem may occur when the routers on your
> networks are configured to forward UDP broadcasts. Can I assume the event
> ID is 8003?
>
> If a Windows domain spans more than one subnet and the TCP/IP protocol
> (NetBT) is used, each subnet will have a Master Browser. If a Master
> Browser receives server announcements from another computer, claiming to be
> a Master Browser, an election is forced to ensure that there is only one
> Master Browser per subnet. These browser elections cause the 8003 message
> to be recorded.
>
> If the routers on the network are configured to forward UDP broadcasts to
> UDP ports 137 and 138, then the election broadcasts that are intended to
> remain in the subnet are forwarded to other subnets.
>
> To stop the 8003 error messages, make sure the routers on the network are
> not forwarding UDP broadcasts, keeping browser elections on NetBT local to
> each subnet and enable WINS or lmhosts on the network for netbios name
> resolution. (For the configuration on the router, you may contact the
> vendor of the hardware router for more information.)
>
> In addition, I would like to suggest you force Kerberos to use TCP instead
> of UDP, you can refer to this KB article for more detailed information:
>
> How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
> Windows XP, and in Windows 2000
> http://support.microsoft.com/?id=244474
>
> Hope the above information helps. Please feel free to let me know if you
> have further concerns.
>
> Have a nice day!
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | Subject: RE: IP addresses and VPN
> | Date: Tue, 18 Oct 2005 06:14:03 -0700
> | Newsgroups: microsoft.public.windows.server.sbs
> |
> | It is working (just) just so verrrry slow, most ping packets fail.
> |
> | I am getting an error in the SBS server log indicating a master browser
> | error/conflict, HMGD-SERVER is the remote server on the end of the VPN
> | link.
> |
> | Error message in log: The master browser has received a server
> | announcement from the computer HMGD-SERVER that believes that it is the
> | master browser for the domain on transport NetBT_Tcpip_{89B04738-4350-46.
> | The master browser is stopping or an election is being forced.
> |
> | Any guidance would be appreciated.
> |
> | Thanks, Denis.
> |
> | "Edward Tian" wrote:
> |
> | > Hi Denis:
> | > Thank you for your update.
> | >
> | > I am glad to hear everything is working fine now.
> | >
> | > It's my pleasure to work with you in this post. If you encounter any
> | > difficulties in the future, please feel free to let me know, I am
> | > standing by to help you.
> | >
> | > Again, thanks for using newsgroup.
> | >
> | > Have a nice day! :)
> | >
> | > Best Regards
> | > Edward Tian(MSFT)
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > --------------------
> | > | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | > | Subject: RE: IP addresses and VPN
> | > | Date: Mon, 17 Oct 2005 15:04:02 -0700
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > |
> | > | I think that update to the DNS/WINS setting has worked, I have managed
> | > | to log onto the SBS domain (after many tries) and I can access the
> | > | resources (although only if I persevere). I think it is just a very
> | > | slow/unstable VPN connection problem now.
> | > |
> | > | Thanks for your help.
> | > |
> | > | "Denis" wrote:
> | > |
> | > | > New update: After playing with the DNS and WINS settings I can now
> | > | > get the Remote server (192.168.32.2) to "join" the SBS Domain
> | > | > (192.168.16.2) by manual config' in the System Properties. However
> | > | > when I try to log on to the domain I always get a DC not available
> | > | > error (is this due to a very slow/unstable VPN?). If I log on to the
> | > | > local machine account I cannot access any more resources than
> | > | > indicated in earlier messages.
> | > | >
> | > | > The remote TZ170 LAN is set to 192.168.32.1
> | > | > Lan setup on server attached to the remote TZ:
> | > | > IP Add' 192.168.32.2
> | > | > Default gateway 192.168.32.1
> | > | > DNS1 10.0.0.1 (Netgear ADSL router on wan port of TZ)
> | > | > DNS2 192.168.32.1
> | > | > WINS 192.168.32.1
> | > | >
> | > | > "Denis" wrote:
> | > | >
> | > | > > The exact IIS error message:
> | > | > > HTTP error 403.6 - Forbidden: IP Address of the client has been rejected.
> | > | > >
> | > | > > "Denis" wrote:
> | > | > >
> | > | > > > Thanks for your response, a bit of clarification:
> | > | > > >
> | > | > > > When I access the SBS network (192.168.16.0...) over the TZ170 VPN
> | > | > > > link from the remote network (192.168.32.0...) I can see the
> | > | > > > systems in the office (via Network Places) however I cannot access
> | > | > > > any of their resources, I can also access the companyweb public
> | > | > > > page (at address 192.168.16.2) but the "connect computer" (to
> | > | > > > attach a new computer to the network link) is unavailable (IIS
> | > | > > > error 403, IP address not authorised). I can access SBS Remote
> | > | > > > desktop etc.
> | > | > > >
> | > | > > > I have added the remote server to the SBS servers list in the
> | > | > > > Manage Server MMC.
> | > | > > >
> | > | > > > The remote 2003 server (192.168.32.2) is not in a domain, just a
> | > | > > > workgroup, since I cannot get it to join the domain until I can
> | > | > > > get the "connect computer" link to operate.
> | > | > > >
> | > | > > > "Edward Tian" wrote:
> | > | > > >
> | > | > > > > Hi:
> | > | > > > > Thank you for posting here. I am sorry for the delayed response
> | > | > > > > due to weekend. Please understand that the newsgroups are staffed
> | > | > > > > weekdays by Microsoft Support professionals to answer your
> | > | > > > > systems and applications questions. Your understanding is greatly
> | > | > > > > appreciated!
> | > | > > > >
> | > | > > > > From the description, I understand that your remote office and
> | > | > > > > main office are connected by site-to-site VPN using two Sonic
> | > | > > > > Wall TZ170 routers. From the remote office, you can access the
> | > | > > > > share folders and public web page on the main office, but you
> | > | > > > > cannot access a particular link on the companyweb entry page. If
> | > | > > > > I have misunderstood your concern, please do let me know.
> | > | > > > >
> | > | > > > > First, can I assume the link you mentioned is "Remote Server
.
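
An added example, not part of the original thread or of Microsoft's guidance: a small Python check that reads exported System-log lines, picks out the event 8003 messages discussed above, and reports whether each computer claiming to be master browser sits on the local subnet or on the far side of a router or VPN. The log line layout, the GUID placeholder, the names OFFICE-PC1 and LAPTOP-X, and the name-to-address inventory (including the pairing of HMGD-SERVER with 192.168.32.2) are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of exported System-log lines ("<event id> <message>").
# The 8003 wording follows the message quoted in the thread; the transport
# GUID, OFFICE-PC1, LAPTOP-X and the 7036 line are made up for the example.
MSG = ("8003 The master browser has received a server announcement from the "
       "computer {name} that believes that it is the master browser for the "
       "domain on transport NetBT_Tcpip_{{PLACEHOLDER-GUID}}. The master "
       "browser is stopping or an election is being forced.")
SAMPLE_LOG = "\n".join([
    MSG.format(name="HMGD-SERVER"),
    "7036 The Computer Browser service entered the running state.",
    MSG.format(name="OFFICE-PC1"),
    MSG.format(name="HMGD-SERVER"),
    MSG.format(name="LAPTOP-X"),
])

# Hypothetical inventory: subnets are the ones named in the thread, the
# host-to-address pairing is assumed. LAPTOP-X is deliberately missing.
HOSTS = {"HMGD-SERVER": "192.168.32.2", "OFFICE-PC1": "192.168.16.20"}
LOCAL_NET = ipaddress.ip_network("192.168.16.0/24")  # SBS side of the VPN

CLAIM = re.compile(r"^8003\s.*from the computer (\S+) that believes that it "
                   r"is the master browser")


def classify_claimants(log_text, hosts=HOSTS, local_net=LOCAL_NET):
    """Count 8003 claimants and say whether each sits on the local subnet."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLAIM.match(line)
        if m:
            counts[m.group(1).upper()] += 1
    report = {}
    for name, n in counts.items():
        ip = hosts.get(name)
        if ip is None:
            where = "unknown"   # not in inventory, needs a manual lookup
        elif ipaddress.ip_address(ip) in local_net:
            where = "local"     # ordinary same-subnet election
        else:
            where = "remote"    # announcement crossed a router or the VPN
        report[name] = (n, where)
    return report


if __name__ == "__main__":
    for name, (n, where) in sorted(classify_claimants(SAMPLE_LOG).items()):
        print(f"{name:12} {n} x 8003  {where}")
```

A "remote" verdict means the election traffic left its own subnet, which is the forwarded UDP 137/138 broadcast condition described in the reply.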


