Re: Trouble Joining PCs to Domain from Branch Office through VPN

Hi,

By way of explanation I purchased 2 Drayek Vigor 2800G routers as I
had heard Vigor Lan to Lan works well, after a few teething problems
with these boxes they seem stable and are performing well.

The objective is to have a Domain Controller in the branch office and
get DNS, mail and other services from the head office SBS box on
192.168.11.2, just like you seem to be doing. With the Vigor in the
branch office giving out IPs for 192.168.25.x.

Previously I used D-Link at the head office and the setup with a
single public IP was:
192.168.11.x 255.255.255.0 - Internal Network on internal NIC
Small Business Server 2003 with ISA 2004
212.28.25.21 255.255.255.252 - Public Network on external NIC
D-Link DSL504T
212.28.25.22 255.255.255.252 - Management IP
The ISP routed to 212.28.25.22 and I port forwarded from the D-Link to
212.28.25.21 to obtain services from the Small Business Server
remotely, such as RWW.

My first issue with the 2800G was that I could not mirror my D-Link
setup, I had to use a private IP of 192.168.1.1 and change the
external NIC of the server to 192.168.1.2. The only way I could then
get access to my public IP address of 212.28.25.21 was to use a WAN IP
Alias as the ISP was assigning a dynamic IP to the WAN interface.

I have setup a Lan to Lan VPN and I can get a connection for a virtual
Lan of 192.168.1.x/24 and am able to ping 192.168.1.1 and can telnet
to port 25 on 192.168.1.2 at the head office and get a response from
Exchange.

Do I have to in some way, maybe via a static route, have to get to the
internal SBS nic on 192.168.11.2 as I need to set that address as the
IP for AD replication and mail at the branch office? With AD
integrated DNS I should be able to point the clients to the branch DC
and get Domain DNS resolution with forwarders getting internet name
resolution?

If I had my public IP still on the SBS external interface would that
make life any easier? This all sounds a little confusing I know, but
information on head office and branch connectivity seems pretty
sparse.

Any thoughts or suggestions on the general concepts, or the specifics,
very gratefully received.

Thanks.

On Mon, 8 May 2006 23:02:45 -0400, "Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:



In news:94D36F6A-913D-4579-9643-60D795ED3285@xxxxxxxxxxxxx,
Don Dickerson <Don Dickerson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I have an SBS 2000 server at the home office, a 2000 member server at
the branch office, the branch office has about 4 PCs, and when I try
to join the PCs to the domain, I get the following message: "The
specified server cannot perform the requested action".
What is mystifying is that one of the PCs a laptop has already been
joined, and works ok with no problems.
Anybody got any ideas?
Thanks
Don

Check your DNS config in the remote office. If you don't have an
AD-integrated DNS server in each location, you need to point all the remote
servers/PCS at the SBS server's LAN IP for DNS. They shouldn't have any
external IPs specified at all - the external requests will be handled by the
forwarders/root hints used by your internal DNS server.

(I do recommend you make your member server a DC/DNS server...and set it up
in its own AD site/subnet)

Note - this group is mainly for SBS2003 issues; you might get more SBS2k
help in microsoft.public.backoffice.smallbiz2000.

.

Loading