VPN & Active Directory

  • Thread starter Thread starter Ed Sitz
  • Start date Start date
E

Ed Sitz

We upgraded our domain from an NT4 domain to Active Directory almost a year
ago. On the NT4 domain, remote users could connect to home office via
Free/SWan VPN. User could login, connect to shares, etc. Now that we've
rolled out Active Directory, users are no longer able to connect to the
domain. When logging in, users will enter their user name and password. It
will take 30 minutes or more to "login". Even after they are supposedly
logged in, they can't connect to shares or browse the network. Remote
user can open Outlook and connect to the Exchange server. Ping and tracerts
check out ok as do DNS & WINS. When a remote user is on the VPN, we can
connect to the admin share on their laptop via their internal IP address or
machine name.
 
If we use nslookup, all queries respond correctly. On the remote user,
queries on the domain controllers respond correctly as do any other queries
for servers on the network or workstations. From the domain controllers
using nslookup, the remote users internal IP address is resolved correctly.

Here's an ipconfig /all:


Windows IP Configuration

Host Name . . . . . . . . . . . . : SITZE
Primary Dns Suffix . . . . . . . : MEDJAMES.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MEDJAMES.COM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : MEDJAMES.COM
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . :
Dhcp Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 69.x.x.x
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 69.x.x.x
DNS Servers . . . . . . . . . . . : 10.x.x.x
10.x.x.x
Primary WINS Server . . . . . . . : 10.x.x.x

The DNS & WINS server address of 10. resolves to our internal DNS & Wins
servers.
 
Ok, we have found a resolution for this problem. If you used Active
Directory Migration Tool, any account that came across from the old domain
will not allow you to login to the VPN.
When we upgraded to Active Directory, we renamed the domain and used ADMT to
move user/computer accounts. If we use a user account that wasn't on our
old domain, they can login to the domain via the VPN just fine.
 
thanks for the feedback.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Windows & Network Support, Tips and FAQs on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Back
Top