Branch Office Auth. no DC onsite.

  • Branch Office Auth. no DC onsite.

    We have 3 warehouses with T1's. The provider set up a VPN that is always connected between all 3 warehouses. I can ping, print, and use applications across the VPN no problem. 1 warehouse is right across the street and will only have about 5 users. Is there a way for their PCs to authenticate to the domain without installing a secondary or read-only DC? I plan on installing a read-only DC at the warehouse that is further north of us and has more users. I'm still in the upgrade process for this old network. Most of the PCs are the home version. So when I added a PC to the domain and took it across the street, I thought everything was fine until the primary DC started complaining and telling me it hadn't talked to that PC in over 30 days. So do I use lmhosts files or anything?

    Thanks

  • #2
    Re: Branch Office Auth. no DC onsite.

    Can you reach the DC over the VPN?
    If so, try setting the IP on the client to give the DC as first DNS server (assuming it is one) and the local router as a second one
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Branch Office Auth. no DC onsite.

      Ok I will try that this morning. The pc's can ping and map shares.
      Thanks



      • #4
        Re: Branch Office Auth. no DC onsite.

        Ok I tried it and was able to log in but it didn't map the drives that I have pushed in the GPO. I can manually map a drive no problem. I can't browse the server or see the other workstations in my network places. I can only see pc's that are local.



        • #5
          Re: Branch Office Auth. no DC onsite.

          Didn't you say that most of the PCs are the home version (Home version)? That means that you cannot join them to a domain and use GPO. Or did I miss something?
          TIA

          Steven Teiger [SBS-MVP(2003-2009)]
          http://www.wintra.co.il/
          I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

          We don't stop playing because we grow old, we grow old because we stop playing.



          • #6
            Re: Branch Office Auth. no DC onsite.

            I think he's in the process of upgrading them to a domain capable Windows OS.


            • #7
              Re: Branch Office Auth. no DC onsite.

              It's a bit unclear in the first post, but it seems the client is OK on the main site, but problems start when moved to the branch office.
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland



              • #8
                Re: Branch Office Auth. no DC onsite.

                Originally posted by bdaughtry
                Ok I tried it and was able to log in but it didn't map the drives that I have pushed in the GPO. I can manually map a drive no problem. I can't browse the server or see the other workstations in my network places. I can only see pc's that are local.
                Can you ping from your workstation with FQDN or IP?



                • #9
                  Re: Branch Office Auth. no DC onsite.

                  Ok I did what you said. I put the IP for the DC at the main warehouse as the DNS server in all the PCs at the branch warehouse. I also added the DNS suffix in the DNS tab under TCP/IP settings. I was then able to type connect in the web browser and join the domain. I can even offer remote assistance from the server to them which is totally awesome. The only thing that isn't working is the 2 mapped drives that I deployed in the GPO. They aren't showing up. I will try gpupdate /force on Monday. I'm wondering if I need to add the subnet for the branch warehouses under DNS on the DC because when I open the management console and go to computers, all the computers at the branch warehouse show as "online- unable to query the information for this computer". But I can still right click on it and offer remote assistance.
                  If you think this is true can you tell me how to add the subnet? Every forum I read so far about branch office talk about setting up the vpn and using ras but none of them talk about what to do if your isp setup the vpn for you and if you don't have a secondary dc at the branch offices.
                  Thanks so much for your help. I'm almost there, I can feel it.



                  • #10
                    Re: Branch Office Auth. no DC onsite.

                    You are at location X. Across the street is location Y.

                    1. Is Location X a warehouse or a separate office?
                    2. X houses the DC, correct? And is this the only DC? It runs DNS, correct?
                    3. What operating systems do the workstations at Y use?
                    4. What's the IP schema of X and Y? Also, any issues with Z (you haven't mentioned it aside from the primary post)?


                    • #11
                      Re: Branch Office Auth. no DC onsite.

                      X=warehouse and main office. This is where the SBS 2008 server is installed and yes dns is running. 192.168.1.x

                      Y=warehouse and small office with 5 pc's running xp sp2 and windows 7. no dc installed here. 10.0.1.x

                      Z=is in Dallas, the vpn provided by isp works fine. I can log into the fax machine website to make changes from X. I haven't upgraded any of the pc's there yet so they are still on xp home and not on the domain. 192.168.2.x


                      From X on the server in the SBS management console it tells me all the PCs at Y are "online-unable to query information for this computer". There is a DNS A record for the PCs and I can ping them from the server. If I do a "gpresult" from a PC at Y, it does say that it updated its GPO from the server, however it's not mapping the drives I deployed in the GPO from the server. Is there a Windows firewall setting or something on the server where I need to add the subnet from Y?



                      • #12
                        Re: Branch Office Auth. no DC onsite.

                        Ok I think I figured it out. Check out this link http://support.microsoft.com/default...b;EN-US;957713
                        Scroll down a little over halfway where it talks about "If the workstation is on a different subnet."
                        I followed these instructions and I hope it works. I'm just waiting for the gpo to update across the network.



                        • #13
                          Re: Branch Office Auth. no DC onsite.

                          IT WORKED!!

                          I called and had them all run gpupdate /force and now all the computers show online in the sbs management console.

                          Thanks for everyone's help.

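Added example (not part of the thread or the linked Microsoft article): a small Python model of the hypothesis raised in post #11, that a host firewall exception scoped to the local subnet stops the server at X from querying workstations at Y. The /24 masks, the host addresses and the scope keywords `LocalSubnet` and `Any` as used here are assumptions for illustration; the point is to compare the narrowest scope that fixes the problem with an over-broad one.

```python
import ipaddress

# Site subnets from post #11; the /24 prefix lengths are an assumption.
SITES = {
    "X": ipaddress.ip_network("192.168.1.0/24"),  # main office, SBS 2008 server
    "Y": ipaddress.ip_network("10.0.1.0/24"),     # branch across the street
    "Z": ipaddress.ip_network("192.168.2.0/24"),  # Dallas
}

# Constructed sample sources; none of these host addresses appear in the thread.
SOURCES = {
    "sbs_server": "192.168.1.10",
    "branch_peer": "10.0.1.30",
    "dallas_pc": "192.168.2.40",
    "outside": "203.0.113.7",
}

def resolve_scope(scope, local_net):
    """Expand scope entries into networks. 'LocalSubnet' is relative to the
    host enforcing the rule, so one policy behaves differently per site."""
    nets = []
    for entry in scope:
        if entry == "LocalSubnet":
            nets.append(local_net)
        elif entry == "Any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        else:
            nets.append(ipaddress.ip_network(entry))
    return nets

def allowed(source, scope, local_net):
    """True if the source address falls inside any network in the scope."""
    src = ipaddress.ip_address(source)
    return any(src in net for net in resolve_scope(scope, local_net))

def audit(scope, workstation_site, sources=SOURCES):
    """Which sources may reach a workstation at the given site under this scope."""
    local = SITES[workstation_site]
    return {name: allowed(ip, scope, local) for name, ip in sources.items()}

if __name__ == "__main__":
    candidates = {
        "local subnet only": ["LocalSubnet"],
        "local + server host": ["LocalSubnet", "192.168.1.10/32"],
        "local + site X": ["LocalSubnet", "192.168.1.0/24"],
        "any": ["Any"],
    }
    for label, scope in candidates.items():
        print(f"{label:20} -> {audit(scope, 'Y')}")
```

Of the scopes that let the server in, the single server host admits the fewest other sources, while `Any` also admits the Dallas PC and the outside address.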