AD via site2site VPN

  • AD via site2site VPN

    Hello,

    I can't seem to get my branch office PC's to join the domain.

    Maybe someone will help me with this. My search thru the forum archives yielded some useful info,
    but I'm hoping for something more specific. (I'm a networking newbie)

    Here's what I'm working with:

    1) main office: w2K advanced server as PDC (the only server in my system) 192.168.0.0/24

    2) Branch office: XPpro workstations (presently as a workgroup) 192.168.1.0/24

    3) site to site VPN via routers (tunnel is active) - I've tried this with and without NAT

    I can ping both ways across the VPN, but when I attempt to join the branch office PC's to
    the domain they can't locate the Domain Controller. I've tried adding a subnet in sites & services to no avail.

    Any insight will be greatly appreciated.

    Thanks - Mark
    Last edited by MHutch; 1st August 2008, 19:39.

  • #2
    Re: AD via site2site VPN

    A couple of things that came up from exactly the same situation:

    On the Branch Office PCs, do a ROUTE ADD to the main office using
    ROUTE ADD 192.168.0.0 MASK 255.255.255.0 192.168.1.254 -p
    (replace 192.168.1.254 with your router IP address, the -p makes the route permanent)
    On the server do the reverse
    ROUTE ADD 192.168.1.0 MASK 255.255.255.0 192.168.0.254 -p (again use the main site gateway IP)

    Second, create entries in the HOSTS file on the branch office PCs for the DC at the main office
    Use both NetBIOS and FQDNs e.g.
    192.168.0.1 server
    192.168.0.1 server.domain.local
    (obviously replace with correct names and IPs -- look at the hosts file for example format)

    When you join the domain, use the FQDN not the NetBIOS name whenever you enter the domain name

    And warn users everything will be sloooowww over the VPN -- they expect LAN like speeds!

    Good Luck!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: AD via site2site VPN

      Hmm if you do a tracert to the DC and you can successfully connect to it, routes aren't necessary.
      However, can you use the DNS server?
      Are the clients pointed to the Internal DNS server?

      If yes, use FQDN like Tom said and it should work.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: AD via site2site VPN

        Thanks for your replies...

        I will be attempting this again early next week,
        as my work load permits.

        I will post my success or need for more help.

        Thanks again. -Mark



        • #5
          Re: AD via site2site VPN

          Thanks Ossian & Dumber,

          I did not have to add ROUTES or hosts,
          just had to point the clients to the internal DNS server.
          Worked great.

          thanks again.

          Mark



          • #6
            Re: AD via site2site VPN

            Glad you solved it
            Marcel
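
The fix reported in post #5 (pointing the clients at the internal DNS server) can be checked before a join attempt. The following is an added example, not code from any poster in this thread: it parses `ipconfig /all` output and flags every configured resolver that is not the internal DNS server, since only that server holds the SRV records used to locate a Domain Controller. The DNS server address 192.168.0.1 and the domain name domain.local are the placeholders from post #2, and the sample output is constructed.

```python
import ipaddress
import re

# Assumptions: the DC at the main office also hosts the AD DNS zone.
# Address and domain name are the placeholders used in post #2.
INTERNAL_DNS = {ipaddress.ip_address("192.168.0.1")}
AD_DOMAIN = "domain.local"

# Constructed sample: a branch PC that still uses its router and an outside resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
                                            203.0.113.53
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output, in order."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            candidate, in_dns = m.group(1), True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            candidate = line.strip()  # continuation line: address only, no label
        else:
            in_dns = False
            continue
        servers.append(ipaddress.ip_address(candidate.split("%")[0]))
    return servers

def join_readiness(ipconfig_text, internal_dns=INTERNAL_DNS, domain=AD_DOMAIN):
    """Flag resolvers that cannot answer the SRV lookup a domain join depends on."""
    configured = dns_servers(ipconfig_text)
    outside = [str(s) for s in configured if s not in internal_dns]
    return {
        "srv_record": f"_ldap._tcp.dc._msdcs.{domain}",  # name queried to find a DC
        "configured": [str(s) for s in configured],
        "not_internal": outside,
        # Strict check: every configured resolver must be an internal one.
        "ok": bool(configured) and not outside,
    }

if __name__ == "__main__":
    print(join_readiness(SAMPLE_IPCONFIG))
```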