RE: IP addresses and VPN
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Wed, 19 Oct 2005 12:25:17 GMT
Hi Denis:
Thanks for your update.
Generally speaking, we configure this setting on the remote client in the
client-to-server VPN scenario. In this case, since we are using the
site-to-site VPN connection, please try performing the settings on one of
the client and the servers at each end of the VPN tunnel, then go to this
client and check whether the network performance will be improved.
Thank you for your time and patience.
Have a nice day! :)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: IP addresses and VPN
| thread-index: AcXUo+BrVlcaNlEcSBmXwMBdA/dRoA==
| X-WBNR-Posting-Host: 212.159.44.244
| From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <BA30032E-FB2C-4FA6-AD8E-0CD78021E643@xxxxxxxxxxxxx>
<KpDXxqv0FHA.1468@xxxxxxxxxxxxxxxxxxxxx>
<E195C8DA-1774-4FD7-B673-7270471130F4@xxxxxxxxxxxxx>
<DD673CB0-DEFB-4050-A1DC-63E7FEE0FB2D@xxxxxxxxxxxxx>
<DABBE411-017B-4D9B-88AA-588296DB5822@xxxxxxxxxxxxx>
<2F7DD8A3-3D8F-4E9B-9A5C-5B56860D5289@xxxxxxxxxxxxx>
<0rCsyR80FHA.2552@xxxxxxxxxxxxxxxxxxxxx>
<E4859BA1-3E02-4CE6-A2E6-8A19A7A147B7@xxxxxxxxxxxxx>
<HP2JIlI1FHA.1144@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: IP addresses and VPN
| Date: Wed, 19 Oct 2005 04:54:35 -0700
| Lines: 306
| Message-ID: <1C5D7A3B-8B86-4D92-9567-46741870FC9E@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:162656
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Apologies for being dumb, do I have to change the settings to force TCP
over
| UDP on all machines in the network or just the servers at each end of the
VPN
| tunnel?
|
| "Edward Tian" wrote:
|
| > Hi Denis:
| > Thank you for your reply.
| >
| > Based on my research, the problem may occur when the routers on your
| > networks are configured to forward UDP broadcasts. Can I assume the
event
| > ID is 8003?
| >
| > If a Windows domain spans more than one subnet and the TCP/IP protocol
| > (NetBT) is used, each subnet will have a Master Browser. If a Master
| > Browser receives server announcements from another computer, claiming
to be
| > a Master Browser, an election is forced to ensure that there is only
one
| > Master Browser per subnet. These browser elections cause the 8003
message
| > to be recorded.
| >
| > If the routers on the network are configured to forward UDP broadcasts
to
| > UDP ports 137 and 138, then the election broadcasts that are intended
to
| > remain in the subnet are forwarded to other subnets.
| >
| > To stop the 8003 error messages, make sure the routers on the network
are
| > not forwarding UDP broadcasts, keeping browser elections on NetBT local
to
| > each subnet and enable WINS or lmhosts on the network for netbios name
| > resolution. ( For the configuration on the router, you may contact the
| > vendor of the hardware router for more information)
| >
| > In addition, I would like to suggest you force Kerberos to use TCP
instead
| > of UDP, you can refer to this KB article for more detailed information:
| >
| > How to force Kerberos to use TCP instead of UDP in Windows Server 2003,
in
| > Windows XP, and in Windows 2000
| > http://support.microsoft.com/?id=244474
| >
| > Hope the above information helps. Please feel free to let me know if
you
| > have further concerns.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: IP addresses and VPN
| > | thread-index: AcXT5c+aunznFyz4QhW0DTG154j3ig==
| > | X-WBNR-Posting-Host: 212.159.44.244
| > | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <BA30032E-FB2C-4FA6-AD8E-0CD78021E643@xxxxxxxxxxxxx>
| > <KpDXxqv0FHA.1468@xxxxxxxxxxxxxxxxxxxxx>
| > <E195C8DA-1774-4FD7-B673-7270471130F4@xxxxxxxxxxxxx>
| > <DD673CB0-DEFB-4050-A1DC-63E7FEE0FB2D@xxxxxxxxxxxxx>
| > <DABBE411-017B-4D9B-88AA-588296DB5822@xxxxxxxxxxxxx>
| > <2F7DD8A3-3D8F-4E9B-9A5C-5B56860D5289@xxxxxxxxxxxxx>
| > <0rCsyR80FHA.2552@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: IP addresses and VPN
| > | Date: Tue, 18 Oct 2005 06:14:03 -0700
| > | Lines: 316
| > | Message-ID: <E4859BA1-3E02-4CE6-A2E6-8A19A7A147B7@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:162295
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | It is working (just) just so verrrry slow, most ping packets fail.
| > |
| > | I am getting an error in the SBS server log indicating a master
browser
| > | error/conflict, HMGD-SERVER is the remote server on the end of the
VPN
| > link.
| > |
| > | Error message in log: The master browser has received a server
| > announcement
| > | from the computer HMGD-SERVER that believes that it is the master
browser
| > for
| > | the domain on transport NetBT_Tcpip_{89B04738-4350-46. The master
browser
| > is
| > | stopping or an election is being forced.
| > |
| > | Any guidance would be appreciated.
| > |
| > | Thanks, Denis.
| > |
| > | "Edward Tian" wrote:
| > |
| > | > Hi Denis:
| > | > Thank you for your update.
| > | >
| > | > I am gled to hear everything is working fine now.
| > | >
| > | > It's my pleasure to work with you in this post. If you encounter
any
| > | > difficulties in the future, please feel free to let me know, I am
| > standing
| > | > by to help you.
| > | >
| > | > Again, thanks for using newsgroup.
| > | >
| > | > Have a nice day! :)
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | > --------------------
| > | > | Thread-Topic: IP addresses and VPN
| > | > | thread-index: AcXTZq70ANzLipHCTSC5brHDoZC+hA==
| > | > | X-WBNR-Posting-Host: 212.159.44.244
| > | > | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | References: <BA30032E-FB2C-4FA6-AD8E-0CD78021E643@xxxxxxxxxxxxx>
| > | > <KpDXxqv0FHA.1468@xxxxxxxxxxxxxxxxxxxxx>
| > | > <E195C8DA-1774-4FD7-B673-7270471130F4@xxxxxxxxxxxxx>
| > | > <DD673CB0-DEFB-4050-A1DC-63E7FEE0FB2D@xxxxxxxxxxxxx>
| > | > <DABBE411-017B-4D9B-88AA-588296DB5822@xxxxxxxxxxxxx>
| > | > | Subject: RE: IP addresses and VPN
| > | > | Date: Mon, 17 Oct 2005 15:04:02 -0700
| > | > | Lines: 231
| > | > | Message-ID: <2F7DD8A3-3D8F-4E9B-9A5C-5B56860D5289@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:162149
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | I think that update to the DNS/WINS setting has worked, I have
| > managed to
| > | > log
| > | > | onto the SBS domain (after many tries) and I can access the
resources
| > | > | (although only if I persevere). I think it is just a very
| > slow/unstable
| > | > VPN
| > | > | connection problem now.
| > | > |
| > | > | Thanks for your help.
| > | > |
| > | > | "Denis" wrote:
| > | > |
| > | > | > New update: After playing with the DNS and WINS settings I can
now
| > get
| > | > the
| > | > | > Remote server (192.168.32.2) to "join" the SBS Domain
| > (192.168.16.2) by
| > | > | > manual config' in the System Properties. However when I try to
log
| > on
| > | > to the
| > | > | > domain I always get a DC not available error (is this due to a
very
| > | > | > slow/unstable VPN?). If I log on to the local machine account I
| > cannot
| > | > access
| > | > | > any more resources than indicated in earlier messages.
| > | > | >
| > | > | > The remote TZ170 LAN is set to 192.168.32.1
| > | > | > Lan setup on server attached to the remote TZ:
| > | > | > IP Add' 192.168.32.2
| > | > | > Default gateway 192.168.32.1
| > | > | > DNS1 10.0.0.1 (Netgear ADSL router on wan port of TZ)
| > | > | > DNS2 192.168.32.1
| > | > | > WINS 192.168.32.1
| > | > | >
| > | > | > "Denis" wrote:
| > | > | >
| > | > | > > The exact IIS error message:
| > | > | > > HTTP error 403.6 - Forbidden: IP Address of the client has
been
| > | > rejected.
| > | > | > >
| > | > | > > "Denis" wrote:
| > | > | > >
| > | > | > > > Thanks for your respnse, a bit of clarification:
| > | > | > > >
| > | > | > > > When I access the SBS network (192.168.16.0...) over the
TZ170
| > VPN
| > | > link from
| > | > | > > > the remote network (192.168.32.0...) I can see the systems
in
| > the
| > | > office
| > | > | > > > (via Network Places) however I cannot access any of their
| > | > resources, I can
| > | > | > > > also access the companyweb public page (at address
| > 192.168.16.2)
| > | > but the
| > | > | > > > "connect computer" (to attach a new computer to the network
| > link)
| > | > is
| > | > | > > > unavailable (IIS error 403, IP address not authorised). I
can
| > | > access SBS
| > | > | > > > Remote desktop etc.
| > | > | > > >
| > | > | > > > I have added the remote server to the SBS servers list in
the
| > | > Manage Server
| > | > | > > > MMC.
| > | > | > > >
| > | > | > > > The remote 2003 server (192.168.32.2) is not in a domain,
just
| > a
| > | > workgroup,
| > | > | > > > since I cannot get it to join the domain until I can get
the
| > | > "connect
| > | > | > > > computer" link to operate.
| > | > | > > >
| > | > | > > > "Edward Tian" wrote:
| > | > | > > >
| > | > | > > > > Hi:
| > | > | > > > > Thank you for posting here. I am sorry for the delayed
| > response
| > | > due to
| > | > | > > > > weekend. Please understand that the newsgroups are
staffed
| > | > weekdays by
| > | > | > > > > Microsoft Support professionals to answer your systems
and
| > | > applications
| > | > | > > > > questions. Your understanding is greatly appreciated!
| > | > | > > > >
| > | > | > > > > From the description, I understand that your remote
office
| > and
| > | > main office
| > | > | > > > > are connected by site-to-site VPN using two Sonic Wall
TZ170
| > | > routers. From
| > | > | > > > > the remote office, you can access the share folders and
| > public
| > | > web page on
| > | > | > > > > the main office, but you cannot access a particular link
on
| > the
| > | > companyweb
| > | > | > > > > entry page. If I have misunderstood your concern, please
do
| > let
| > | > me know.
| > | > | > > > >
| > | > | > > > > First, can I assume the link you mentioned is "Remote
Server
|
.
- References:
- RE: IP addresses and VPN
- From: Edward Tian
- RE: IP addresses and VPN
- From: Denis
- RE: IP addresses and VPN
- From: Denis
- RE: IP addresses and VPN
- Prev by Date: Re: strange file showed up on my c: root
- Next by Date: Re: POP3 connector sending problem
- Previous by thread: RE: IP addresses and VPN
- Next by thread: Re: resizeing OS partition on a dynamic disk
- Index(es):
Relevant Pages
|
