Announcement

Collapse
No announcement yet.

Laptop Domain users can't surf Internet

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Laptop Domain users can't surf Internet

    I have a Windows 2003 Server domain with firewalls etc and a numbr of users have laptops which are joined to the domain like normal workstations.
    These users are stating that when they are home, they can't surf the Internet although surfing from work is fine.
    I took a user's laptop home and could only surf if I used a VPN connection to the office domain first.
    So, what is happening and is there a way to allow users to make a standard connection to the Internet without the need for a VPN connection ?
    The strange thing is, this is only a fairly recent condition after a new firewall was installed but nothing has really changed with regards policies and so on.
    BTW, I logged into the laptop as the user and as an administrator of the local machine and neither worked without a VPN connection.

    Many thanks for any help.

  • #2
    Re: Laptop Domain users can't surf Internet

    Can you reveal which new firewall...

    It sounds like IE is set to use a proxy.
    Can you go to control panel > internet options > connections > lan settings. Post a screen shot of that. Then post ipconfig /all (obscure sensitive info)
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

    Comment


    • #3
      Re: Laptop Domain users can't surf Internet

      It's a Fortigate 100a

      the IE settings are not set for a proxy. The DHCP provides the local gateway through to the firewall but no proxy is being used, so the LAN settings configuration are just set normally.

      Comment


      • #4
        Re: Laptop Domain users can't surf Internet

        I'm assuming that you want your laptop users to connect to the internet from home WITHOUT using a VPN or touching your Domain.


        They can't surf the net from home because the laptops are trying to connect via your network. (The use connects using a domain account)

        Dependant on your users they will need to connect to the ISP who provides their service from home. The user should use a local account on the PC

        You need to set up another connection for the laptops to use the users home router as the gateway if that's how they're connecting.

        1. Log onto the PC with local admin account. Create a LOCAL account for the user

        2. Log on as the user. Create a connection for the user to connect to their home router/network, you may have to give them (Power user status)

        3. Now when the user logs on localy to the PC he connects using the non domain account and providing you have set it up correctly, should now be able to connect to the internet
        Last edited by AndyUK; 27th February 2007, 11:15. Reason: added clarification
        The Univurse is still winning!

        W2K AD, WSUS, RIS 2003. ISA also AVG Server
        ** If contributors help you, recognise them and give reputation points where appropriate **

        Comment


        • #5
          Re: Laptop Domain users can't surf Internet

          andyUK

          If this was the case, wouldn't this be the same if I logged into the machine with the administrator's account for the local machine and tried it then ?
          when I tried this, I still had the same issue and I was using a wireless router which showed a connection to the router but still no Internet.
          Dialling into the server via the VPN allowed me to surf the Internet even though I was running from a local machine account.

          Previously, users had no trouble connecting to the Internet through their laptops but it seems as though something has changed to prevent them from surfing without their using a VPN....

          Comment


          • #6
            Re: Laptop Domain users can't surf Internet

            I don't exactly have an answer as AndyUK said it well.
            but, When you say VPN do you mean to the firewall or to the MS vpn?
            also
            are you using FortiClient Host Security software?
            "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

            Comment


            • #7
              Re: Laptop Domain users can't surf Internet

              Tango7

              From your last I take it you can ping the router but not something like google.co.uk?

              Yes it should work, but you need to make sure the network settings are also correct. You may need to enter a gateway in the network settings to the router?
              I have a laptop running XP that normally runs on my domain but on the occasion I take it home I too have to use the internet so my network settings must reflect the router to which I'm connecting ie DHCP, auto DNS, and most importantly the correct gateway.

              The only other things you should need to check for this to work are your firewall settings and security settings to see if your inadvertantly blocking it.
              The Univurse is still winning!

              W2K AD, WSUS, RIS 2003. ISA also AVG Server
              ** If contributors help you, recognise them and give reputation points where appropriate **

              Comment


              • #8
                Re: Laptop Domain users can't surf Internet

                Does the laptop have any firewalls on it??

                How are your laptops configured to use the internet when not connected to the domain??

                How do your users actually connect??

                Do they connect using IE??

                Can you ping anything at all??

                You say you have changed the firewall recently, did this have a VPN client of it's own that needed installed?? I would presume it did.

                Comment


                • #9
                  Re: Laptop Domain users can't surf Internet

                  When you bring the laptop home. Run "ipconfig /all". Look at the results i.e; before connecting to the VPN connection. Now look at your default gateway and dns entries. Are they by any chance same as your work network? If they are make sure DNS is configured static and if it is not clear the DNS cache by running "ipconfig /flushddns and /registerdns".
                  Good luck.
                  cheers

                  Comment


                  • #10
                    Re: Laptop Domain users can't surf Internet

                    I have checked the ipconfig /all settings and everything appears as it "should" in so much that the IP is that given out by my home router and the gateway points to that router.
                    Everything that I see tells me it's OK

                    Users are left to their own devices as far as home use is concerned but all use IE

                    Yes, the firewall did need it's own VPN client but we got rid of that and to be sure we'd got rid of it, we re-installed the machines.

                    I've checked all the IE settings, added the gateway manually, added Internet based DNS servers etc, etc

                    I really have tried 'everything" I can think of...

                    Comment


                    • #11
                      Re: Laptop Domain users can't surf Internet

                      Ok open a window and catapult the laptop through! Only joking !

                      To rule out a fault with IE and I'm sorry if I'm teaching my granny to suck eggs here.
                      Can you ping and/or tracert an outside addy ie google.co.uk ?
                      The Univurse is still winning!

                      W2K AD, WSUS, RIS 2003. ISA also AVG Server
                      ** If contributors help you, recognise them and give reputation points where appropriate **

                      Comment

                      Working...
                      X