RE: Problems with connectcomputer and active directory

Hello Anders,

Thank you for your reply.

I understand that you would like to join a remote client to the domain.

I. If you have hardware VPN tunnel setup using Linksys or others, you can
follow the steps below to join the domain:

1. On the SBS server, run Set Up Computer Wizard to create the remote
computer account. Under Client Applications, uncheck everything except
Client Operating System Service Packs.

2. On the remote computer, manually install the service pack.

3. Connect to http://servername/connectcomputer to join the domain.

4. When the machine is part of the domain, logon again and install
Outlook/IE from the CD. You will find the Outlook CD key on the back CD
case #2.

II. Otherwise, you may want to manually join the domain. I'd suggest that
you use the following configuration, SBS Domain <-> ISA/RRAS <-> remote
client.

In this scenario you have to configure the SBS Server computer to enable
external VPN clients for dialing in by using a VPN. Therefore, there is one
border from the external to the internal computer.

1. Configure VPN service on the SBS server

Run the Configure Remote Access wizard to let the System automatically
configure the VPN service for you: Server Management -> Standard Management
-> To Do List, and then click Configure Remote Access in the right pane.

2. Create a VPN connection to ISA/RRAS (external adapter) on the Internet
client.

NOTE: The following procedure assumes that there is already an existing
Internet connection.

A. Open Network and Dial-Up Connections.
B. Click Make New Connection, and then click Connect to a private network
through the Internet.
C. Type the name or IP address of the public interface of the ISA Server
computer as the destination address.
D. Make sure that the users that are configured on the ISA Server computer
are able to dial in remotely. To make sure that the users can dial in
remotely, either use Domain Users to allow these users dial-in permissions
when your ISA Server computer is connected to the local domain or use a
local user on the ISA Server computer and grant dial-in permissions.

3. To connect from an external client (Internet) to the domain, follow
these steps (it is assumed that the client is already connected to the
Internet):

A. Establish the VPN and make sure you enter a valid account which has
dial-in permissions.
B. Join the domain (for example, support.ms.com) from the remote client or
server.
C. Forward a request to the DNS server that is a member of the domain to
resolve DNS names. This traffic is now routed over the VPN connection.

The local DNS server responds to the remote client by using ISA Server as
the VPN router. All traffic (LDAP, SMB, NetBIOS, DNS, and so on) is routed
over the VPN connection and the remote client or server can access the
domain as if it is on the intranet relative to the domain. Please note that
you must establish the VPN connection before you can access the domain.

Related Knowledge Base articles:

303503 How to Join or Access an Internal Domain from an External Client
Using ISA Server and VPN
http://support.microsoft.com/?id=303503

179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442

295017 How to change a computer name or join a domain in Windows XP
http://support.microsoft.com/?id=295017

Hope this helps.

Please feel free to let me know if you have any questions or if you need
further assistance.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Problems with connectcomputer and active directory
| thread-index: Acg3gWJCQnWs5LYQSQOw4tQWSuNQ8w==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?QW5kZXJz?= <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <B09923DF-7540-4FBC-A3A8-3F27FB705F31@xxxxxxxxxxxxx>
| Subject: RE: Problems with connectcomputer and active directory
| Date: Wed, 5 Dec 2007 12:57:01 -0800
| Lines: 14
| Message-ID: <CFE4ED15-263E-491E-9A0E-AFEA047BE68E@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:80283
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thanks for all suggestions.
|
| I wil try them as soon as the computer is home again. It travells alot
and I
| have just a few chances to make it work. I will reply back as soon as I
have
| some result. The problem is that I will not get physical access to the
| computer until christmast.
|
| I have one more question, is it possibly to run connectcomputer through a
| VPN between different subnets? (I have not trieed it, but the travelling
| computer will be on a VPN line the comming weeks).
| --
| Anders Bergquist
|
|
|

.

Relevant Pages

  • Re: VPN Client Incorrect Netmask (Vista -> Win2K3)
    ... The remote client gets its network config from the remote access server as part of the ppp negotiation. ... Microsoft programmers SEVERLY damaged the VPN Client in Vista and Server 2008. ...
    (microsoft.public.windows.server.networking)
  • RE: VPN error with sbs2003 and isa 2000 installed
    ... connection from a remote client, the connection terminated in the process ... You receive an "Error 721" error message when you try to establish a VPN ... Open Server Management console and navigate to 'To Do ... Please temporarily place a client directly connected to the external NIC ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN PPTP problem
    ... external NIC IP is in the same subnet with the remote client. ... Please try to establish the VPN connection from the internal clients. ... |> How to configure Internet access in Windows Small Business Server ...
    (microsoft.public.windows.server.sbs)
  • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
    ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
    (Full-Disclosure)
  • Re: Remote Access and ISA Server in SBS 2003?
    ... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ...
    (microsoft.public.windows.server.sbs)
Loading