VPN Problem?

[JMTS]

Hello
I've set up several remote vpn clients to connect to my rras server that is
a ISA server (Stanalone server not member of internal domain-for security
reasons), they connect with no problem to the network they login using
dialup (VPN connection) then they're able to access to the network drives
(files,etc) as network printers.
The problem:
When they try to access to network browser, they click on the domain and
they receive the following message: "Domain is not accessible. You might not
have permission to use this network resource. Contact the Administrator of
this server to find out if you have access permissions- The list of servers
for this workgroup is not available"
1 - Isn't a workgroup, is a domain
2 - If the remote users type on their networkbrowser \\computerdomain they
have access to all computers with no problem!!!.. They also can ping every
computer in internal domain by name or ip_adress
3 - Sometimes I need to access to the remote users and I only can do that if
I type \\ip_adress if I try to type \\computername doesn't work...
4 - On internal domain browser I can't see the remote vpn machines...
strange ha?? maybe not!!!Maybe you could help me out whit this.

Thanks for your time
Regards

 

[Bill Grant]

I don't see anything strange about that. In fact, it is pretty much what
I would expect to happen. Browsing and name resolution are related, but they
are not really the same thing!

The browser service works by using LAN broadcasts. RAS/VPN connections
do not carry LAN broadcasts, so remote clients will not show up in the LAN
browse list. And you will not be able to contact remotes by name from the
LAN unless they register in either DNS or WINS. Their names cannot be
resolved by broadcast.

The remote clients could possibly see the LAN browse list if they were
logged into the domain (depending on WINS). But if they are simply
connecting to a standalone server, they will not know how to find the Domain
Master Browser.

 

[JMTS]

Hello Bill

Hum..

You said that the clients don't know how to find the Domain Master Browser??
But joined the remote users to my internal domain via VPN connection? And it
worked fine they were add successfully.

About the problem that they couldn't enter on the domain browser was that
they have FW enable on their internet connection (not in vpn connection), I
disable the FW on internet connection and the message error stops, but they
only can see their machine beyond the domain they can't see the machines on
my internal domain, but they still can ping machines by name or ip address.



I've a question for you if you don't mind

I need to setup a remote site with the same configuration, but this site
will be the child domain of the existent domain, and I need that everyone
sees everyone.

Now according with you I need at least to have DNS registrations on both
sites of domain controllers??

Can I do this without Wins? You I really don't want (if possible) to have
wins servers on any site...



Thanks again for your time

Regards

 

[Bob Qin [MSFT]]

Yes, you need to have DNS server on each site. In general, it will be
better if you have a WINS server.

As for this issue, I recommend that check the following document.

830063 Name resolution and connectivity issues occur on Windows 2000 domain
http://support.microsoft.com/?id=830063

In addition, you can also use "browstat status " command to check if there
is domain master browser in your network. Please refer to the following
article to troubleshoot this issue.

Troubleshooting the Microsoft Computer Browser Service
http://support.microsoft.com/default.aspx?scid=KB;EN-US;188305

For more information, refer to the "Microsoft Windows NT Browser" white
paper at the following Microsoft Web site:
http://www.microsoft.com/ntserver/techresources/commnet/browser/ntbrowser.as
p

Wish it helps.

Regards,
Bob Qin
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Bill Grant]

If the remote users are domain members, they will probably be able to
get a browse list of the LAN machines if you are running WINS on the LAN.

When the remote needs a browse list, it will send a name request for the
special Netbios name <domainname 1b> , which is the Domain Master Browser.
WINS should reply with the IP address for the DMB, and the client gets the
browse list (using the IP address). If you are running WINS but this isn't
happening, you will need to monitor the traffic on the VPN link to see where
it fails.

 

[JMTS]

Thanks guys you were a big help
Tanks again
Regards