Re: Remote Client Configuration
- From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Dec 2005 00:39:21 -0500
Charles,
Thanks for the response, my replies are below. Also, I wanted to let you
know that I have a notebook here that is configured just as my traveling
employees and is not connected to the physical LAN in the office (I am using
Verizon too), so I can simulate the changes we try without wasting my guys'
time.
> Before we go any further, we need to know how you plan to connect the
> remote computer to SBS 2003 domain via VPN connection after the remote
> user
> logon the remote computer locally or connect the SBS domain via dial in
> VPN
> connection when user logon to the remote computer.
> Here I assume that you want to use a dial in VPN connection to connect the
> remote computer with SBS local network.
Actually, my users currently connect by logging on to the computer (with the
domain listed in the "Log in to:" drop-down on the login screen), but not
clicking on the "Log on using dial up connection". They dont actually
connect using the VPN until after they are logged an and have established
their connection to the internet. The reason I have them log in that way is
so they dont have to have an internet connection to use their computers. I
like for them to be able to get to those offline folders and use the
software without having to log in over that slow connection. They only log
in when it is time to synchronize their offline files or their email with
the Exchange server.
That said, most of your solutions dont apply to me (at least I think),
unless there is a way to update group policy, roaming user profiles, etc.
after establishing the VPN connection.
> If so the steps you mentioned first is right on target you can follow that
> steps to join the remote computer to SBS domain. For your concerns about
> the question, please refer to my answer one by one:
I dont think that the Network Configuration website would work to connect to
the network (either for logging into the network using "log on using dial-up
networking"or logging in locally then establishing the VPN. The reason I say
that is because when I logged in to a test notebook then established the
VPN, when I tried to run the Network Configuration website, I received the
following error: "The Small Business Server Network Configuration Wizard
will only run over a Local Area Network connection. Deactivate any dial-up
or virtual private network (VPN) connections, connect the client computer to
the server using a Local Area Connection, and try again.
That said, how should I have them join the network? I tried to change the
network under "Computer Name Changes" after logging in to the VPN, and it
worked. The problem is that when I tried to log back in, it would not let me
into the domain because it could not find my user account. Then, when I
tried to change the Log on to dropdown to the local computer, it gets this
box that says "Please wait while the domain list is created" and it takes
forever to go away.
The only way I think I would be able to get around that would be to have
them log in using a dial-up connection, but then it would have to dial
Verizon, then the VPN. It seems like at that point it would be getting too
complicated for me to guide my user through over the phone. What do you
think?
There is also the "Create Remote Connection Disk". It looks like all that
does is install the "Connect to Small Business Server" VPN-like connection.
This has nothing to do with connecting these computers to the network does
it?
One thing I have heard would be a possibility is to have the computer
changed from a domain to a workgroup with the same name. Does that seem like
something that might work here? If so, how does it effect my other issues?
> 1. Will the offline files will be gone when the user logs back on?
>
> Based on my research, the offline file is not depend on which OS system,
> so
> if the shared folder is still available on SBS 2003 domain which the
> offline file is enabled when the user log back the offline file will not
> disappear, if not you had to backup the offline file on the SBS server or
> client side first then make it available on a server new shared folder.
It looks that way to me. I will verify when I start getting these clients
on. Thanks.
> 2. Do they actually need the firewall client if they are never in the
> building?
>
> Firewall client will be useful for the client user as we do not need to
> configure special packet filtering on the ISA server for those client
> computer, they can access the internet through SBS 2003 without any
> problem. But if they do not use the SBS server to access the internet, you
> do not need to install the firewall client. It depends on if you want to
> control the internet connection of remote user.
Thanks for the explanation. I do not need them to access the internet
through the server. What I will do, is install the firewall client on the
users that do come in every few weeks and use their notebooks in the office
so that they wont have any problems.
> 3. What happens to their current profile when they log onto the new
> network?
>
> As I know, when they log to the new domain, a new profile will be created,
> it will not impact the original profile, however you can use the KB
> article
> below to restore the user profile and use it on the new SBS 2003 domain:
>
> 314045 HOW TO: Restore a User Profile in Windows 2000
> http://support.microsoft.com/?id=314045
I read the article and it looks easy enough. Thanks.
> 4. What about Group Policy? I run WSUS and was thinking about creating a
> new OU for the mobile users and setting WSUS to tell them to get their
> updates direct from Windows Update servers.
>
> Generally speaking, as you want to deploy the group policy for the remote
> user, it is possible to do that, due to the network speed issue, we
> suggest
> you refer to the article below to set a slow link for remote computer when
> deploy group policy, it might reduce the network traffic and make the
> logon
> process more effectively:
>
> 819108 Settings for minimizing periodic WAN traffic
> http://support.microsoft.com/?id=819108
>
> 811525 Configure Slow Link Speed Group Policy does not force offline files
> to
> http://support.microsoft.com/?id=811525
Glad you pointed me to this article. From this article as well as my other
research, it looks like no matter whether you log into the domain or you log
into a local profile and connect via the VPN, as long as the computer is a
member of the domain, group policy will refresh. Thats good to know. I guess
that I shouldnt even consider configuring these things in a workgroup
setting.
Also, how can you tell that the slow link is working for the offline files?
It seems that when I connect to the VPN, after a few seconds, I am working
online, then when I disconnect, I an then working offline. I cant think of a
time that when I was on a slow network, it didnt tell me I was online as
long as I was connected to the VPN.
..> 5. What is the difference between Connection Manager and the VPN they
> already have installed?
>
> Both are VPN connection, just as I said the VPN they already installed
> might be a dial in VPN connection, but the connection management should be
> considered as a VPN connection that you can use the remote computer to
> logon locally then establish the VPN connection via the connection
> management. There are not so many difference between them.
Looks that way to me too. Thanks for the clarification.
> 6. Should I use Roaming User Profiles like I have for the other users? If
> so, how do they update to the server?
>
> You can use roaming profile, they will update with the server profile as
> the local network user, however if you enable the slow link for group
> policy we may have some special design for sync the profile with SBS
> server
> for optimize the network traffic on the slow WAN link., you can refer to
> the article below:
>
> 227260 How a Slow Link Is Detected for Processing User Profiles and Group
> Policy
> http://support.microsoft.com/?id=227260
Thanks, here I learned how to configure the slow link via GPO, a question I
had after reading 811525.
It seems though that the only way to update the roaming profile is by
logging into the network instrad of being able to snchronize. Is there
anyway, that the users could "upload" or "synchronize" their profiles with
the server without having to log on using a dial up connection?
> For more information, I suggest you refer to the SBS website for the SBS
> documents about deploying the SBS 2003 domain.
>
This assumes that you log into the domain> Further information:
>
> When configure SBS 2003 domain, the most effective wizard should be CEICW,
> do not forget to use, it will save you a lot of time.
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> Hope the above information helpful enough to your issue. I really
> appreciate your effort on this issue, please feel free to let me know the
> results.
I appreciate all of your help and look forward to your response.
Chris
> | From: "Chris Guimbellot" <cguimbellot@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> | Subject: Remote Client Configuration
> | Date: Wed, 30 Nov 2005 12:24:36 -0500
> | Lines: 53
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> | X-RFC2646: Format=Flowed; Original
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> | Message-ID: <uF62xLd9FHA.2176@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: mail.hospitality-international.com 71.16.180.114
> | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226731
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hello,
> |
> | SBS2003, XP clients.
> |
> | I had an SBS2000 network, but recently installed an SBS2003 box and put
> the
> | old one to bed. The new server has the same server and domain names as
> the
> | old one did. I was easily able to configure all of the clients for the
> new
> | network by running the Network Configuration website on the server
> | (http://servername.connectcomputer). Now it is time to set up the remote
> | computers. That is where I am sort of lost. Here is the situation: I
> have
> | about 7 mobile users (salesmen) using notebooks. They are currently set
> up
> | to log into the old SBS2K network. The use the internet, OutlookXP for
> | email, and use offline files from departmental folders located on the
> | server. They connect to the server via VPN. My question is, how can I
> set
> | them up on the new network? They connect via slow connections (Verizon
> | NationalAccess BroadbandAccess). I would think that installing the
> client
> | apps (namely Outlook 2003 and firewall client) could not work on such a
> slow
> | connection. That said, here is what I was thinking about doing:
> |
> | 1. Have them uninstall the old firewall client.
> | 2. Have them VPN into the new server using their existing VPN
> connection.
> | 3. Run the Network Configuration website to join their computer to the
> | domain.
> | 4. Upon restart, have them install Outlook 2003, the new Firewall
> Client,
> | and the Connection Manager via a CD I send them.
> | 5. Have them install TrendMicro (oh yeah, they will be using TrendMicro
> CS)
> | from the same CD.
> |
> | Is this the correct way to perform the client setup. I am worried about
> a
> | few things:
> |
> | 1. Will the offline files will be gone when the user logs back on?
> | 2. Do they actually need the firewall client if they are never in the
> | building?
> | 3. What happens to their current profile when they log onto the new
> network?
> | 4. What about Group Policy? I run WSUS and was thinking about creating a
> new
> | OU for the mobile users and setting WSUS to tell them to get their
> updates
> | direct from Windows Update servers.
> | 5. What is the difference between Connection Manager and the VPN they
> | already have installed?
> | 6. Should I use Roaming User Profiles like I have for the other users?
> If
> | so, how do they update to the server?
> | 7. How many other issues have I not thought of?
> |
> | I am trying to avoid having them send in their notebooks just so I can
> | configure them. There has to be some sort of guide out there or someone
> with
> | some war stories to share. If I have not been clear enough or I need to
> | provide more information, I would be happy to. I appreciate any
> responses.
> | Thanks in advance,
> |
> | Chris
> |
> |
> |
>
.
- Follow-Ups:
- Re: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Re: Remote Client Configuration
- References:
- Remote Client Configuration
- From: Chris Guimbellot
- RE: Remote Client Configuration
- From: "Charles Yang [MSFT]"
- Remote Client Configuration
- Prev by Date: Re: DFS question
- Next by Date: RE: possible web problems
- Previous by thread: RE: Remote Client Configuration
- Next by thread: Re: Remote Client Configuration
- Index(es):
Relevant Pages
|
