The Definitive Win XP Pro to Win2K3 VPN Guide

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

OK, does anyone know where this could be??

Joke, as far as I can see it doesn't exist.

So could we build one here?

I'm sure that there are a load of folk out there who need to connect remote PC's to a Win2k3 network via the internet using the office router as the VPN server.

Basic principles are simple.
1. You need an internet connection
2. You need Router (in office) capable of VPN connections.
3. You absolutely need a static IP address for the router.
4. You absolutely need Win XP Pro on the remote machine.

So far, with the bits above I have managed to connect tt my Vigor 2600i router. This was just using the built in bits of WinXP Pro and the router.

Using the new network connection wizard for a VPN connection.

The next step would be to log onto the work network from the home PC. This is the difficult bit and I cannot find a definitive guide as to how it is done.

With the internet connection made and the VPN connection up and running I then try to add my home PC to the work domain.
I get the following error:

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name bpn might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate a domain controller for domain ******:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.*****

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child
zone:

*****
. (the root zone)

For information about correcting this problem, click Help.

Can anyone add to this?

Ta

Mike

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Why are you adding your home pc to your work domain?

The beauty of VPN is that it authenticates you when it establishes the VPN connection. So by connecting the VPN you have effectivel y joined the domain.

The PC you are working on does not have to be part of the domain, but it does need to have a VPN connection to the domain configured and for the user to have a valid domain account.

What are you trying to do exactly?

EDIT: Ok, re-read your post. Why don't you try setting up RAS on the W2K3 box and using that as the VPN server. That way, when the VPN is established you are logged into the domain. You can then use any pc to connect to the domain as long as you have a valid domain account.

 

I used the VPN facilities already available on the Router so that I didn't need to be messing with the server and setting up RAS which I *know* is going to be big hassle.

The VPN connection is not the issue, it's the connection to the server/domain/network so that I can work at home in the same way as I work at work.

In the end I am not doing for me though it will be handy but really it is for our Sales Reps who work from home. We just want to connect them to our network and eventually I'll connect our Scotland office as well.

That is unless RAS really is a doddle to set up.

Ok, I've just been reading through the first pages of Remote Access on a Win2K3 server :-O
Just to set up a VPN server you need to jump through a couple of thousand loops and then you *still* have the problem of connecting the remote clients.

So, I'll just carry on and use the Vigor Router VPN facility (which works by default) and work out how to get one MS O/S to talk to another MS O/S.....you may well laugh but it's not that simple, I'm sure Microsoft initially have easy solutions then deliberately put some obstacles in the way to keep us in jobs!!


Mike

 

Yes RAS can be an arse to setup, but I think VPN's in general can be an arse!

It seems that what you are doing is creating a gateway to gateway vpn connection. You are using the routers to establish the vpn tunnel between the 2 subnets.

Don't forget to point the DNS on your home pc to the DNS server at your work. Otherwise you wont get name resolution for your work domain (unless you have a hosts file configured).

Have you tested TCP/IP communication across the VPN? Can you ping an IP or hostname from one subnet to the other?

 

Ok, update

It seems we have a DNS problem.

I connected my VPN last night, no problem.
I pinged the server using the IP address, no problem.
I pinged the mailserver using the Ip address, no problem.

I collected and sent mail from/to the mail server using the IP address, no problem.

Try any kind of NetBios name and it fails.

So, here are the diagnostics:

I have checked the LAN Status DNS on the router and it is set to:
Primary: 195.74.113.58
Secondary: 195.74.113.62

But then in Basic Setup> Ethernet TCP/IP and DHCP Setup
DNS Server IP Address Primary and Secondary are both empty.

Interestingly the internal network DNS server has two forwarder IP addesses set:
195.74.102.146
195.74.102.147


I guess the router should really be set to primary 192.168.1.2
What would the secondary Router DNS be set to? one of the external DNS servers?

What I am trying to achieve is a VPN connection that I can use to map network drives on a remote machine using the ‘net use’ command without the need for the remote machine to join the Domain, thus eliminating the need for separate accounts on the remote machine.

How wong am I in my diagnosis?

Mike