FixYa.com
Technical Support, Instructions & Repair Service


Tags:

Gateway Symantec Security 360R Appliance [ Symantec 10224333 ]  Firewall

Virtual LAN Problem (by 2 users)

By Pasty - usenet poster


I have posted this in the past but I did not receive any response.
So I will try again.
Here goes.

I have SBS2003 Premium. 1 NIC. No ISA. No Exchange. 10 users.
It is connected to the Internet via Symantec Gateway 360R.
External IP 24.xxx.xxx.xxx
Gateway IP 192.168.10.15
Mask: 255.255.254.0
Everything works...everyone is happy.

We have opened a new office 20 miles away.

I have installed and tested the second Symantec Gateway 360R. The tunnel is
good, I spoke with Symantec customer support. They remoted in and OKAYED the
setup.
IP 24.xxx.xxx.xxx (dynamic address until they give us a static sometime this
week)
Gateway IP 192.168.0.1
Mask: 255.255.255.0
DHCP enabled on the Gateway device

~~The Problem~~
My users at the remote location can see the domain but they cannot access it
at all.
I cannot see the machines at remote from the Server Management Computers
console.

Any help would be greatly appreciated

Liam


Comment by Guest, posted on Jun 09, 2008

I don't have wireless internet on an XP Gateway laptop.

Best Solution
posted on Aug 07, 2005
Thanks for Trying (70)

Peter1 - usenet poster

In message <237DDA34-3581-4A9E-8E63-53E029E07 @microsoft.com>, Liam
<L @discussions.microsoft.com> writes

<details snipped>
You're welcome. We're all here to try to help each other. You may have
an answer I need next week.
--
Joe


Solution #2
posted on Aug 07, 2005
Not Rated (0)

Kim1 - usenet poster

Hi Marina,

Thanks for reading in.
I found that out about 1 hour before reading your post.
lol
Just my luck.
So I suspect that the problem is solved!

BTW: Is it a virtual LAN that I am running now? I think too many people are
using VPN as a synonym for VLAN.

Liam


Solution #3
posted on Aug 07, 2005
Not Rated (0)

Janice - usenet poster

Hi Liam,

VPN means Virtual Private Networking and VLAN is Virtual Local Area Network.
I would think VPN is something different than a VLAN, but somebody else may
provide us with a definite answer.

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Liam" <L @discussions.microsoft.com> wrote in message


Solution #4
posted on Aug 07, 2005
Not Rated (0)

Cornish - usenet poster

Cool,

Thanks again Joe...looks like it is solved.


Solution #5
posted on Aug 07, 2005
Not Rated (0)

Bomber - usenet poster

Hi Liam,

Great story.

But you do know that XP Home can't really join a domain, right?

--
Regards,

Marina
Microsoft SBS-MVP
One of the Magical M&M's

"Liam" <L @discussions.microsoft.com> wrote in message


Solution #6
posted on Aug 07, 2005
Not Rated (0)

Beresford - usenet poster

Hi Joe,

Yes I agree: "We are all learning together"...and I have this problem 95%
complete!

I must say that you were bang on Joe. I DID have to use DHCP from the
Gateway device and MANUAL DNS settings to get it to work. Good work.

Part of the problem here was describing what it was that we wanted. I wanted
my users at the remote site to be able to log in just as if they were in our
head office. Isn't this a virtual LAN and NOT a VPN connection? I have VPN
software with the Gateway that worked fine but the whole purpose of buying
the second Gateway was to have seamless LAN connectivity. Are these
considered the same thing? I don't think so but many people I have talked to
want to use the VPN idea as a VLAN...not quite the same, but I am not sure.
Anyway, here is my sordid story:

After 4 or 5 days of mucking around with this problem, I had intermittent
connectivity with the remote LAN and from the remote LAN.
My users could map a drive if and ONLY if they had been part of the domain
BEFORE they went to the remote site and even that connectivity was sketchy.

So I bit the bullet and paid $249 CDN to Microsoft support and I must say I
was impressed by their help.

The issue is not 100% resolved yet but here is much of the solution.

First, my Symantec Gateway Security router model 360R did not have a stable
tunnel. It collapsed after trying to allow it to have a remote DNS address
entered into its field under WAN--> Advanced-->Remote LAN.

Also the router would hang and everybody and their aunt would get a 169
address at the remote site until I re-booted the device. The reason was not
apparent because the tunnel status at both routers was showing: "ENABLED"
Which to me meant we had a good tunnel. Actually it is supposed to say:
"CONNECTED"
I only found this out (the collapsed tunnel that is) after being on the
phone with MS and Symantec support...a total of 5 people over two continents
and three countries!
All working together...gotta love the comm links nowadays.

So once we had a stable tunnel we now had to let the MS product do its stuff.
I was told to do the following:

1. Confirm a decent tunnel by pinging the remote site's internal address.
Success
2. Confirm a decent tunnel by pinging the remote site internal clients.
Success
3. Allow the remote gateway device to manage DHCP. Success
4. Clients at the remote site must do the following:
         Go to TCP/IP properties--> Advanced--> DNS tab
          Enter the remote DNS IP Address in the top box labeled:
           "DNS Server Address, in order of use"
          At the bottom of the same tab in the box labeled:
          "DNS Suffix for this connection:" enter the Domain Name
          MyDomain.local

Once I had done this, I connected my Laptop (The one that is ALREADY part of
the Domain) and mapped my User folder on the SBS2003 machine
(\\


Solution #7
posted on Aug 07, 2005
Not Rated (0)

Phoebe - usenet poster

In message <FFB12AA3-593E-4D07-A383-B37C72BA5 @microsoft.com>, Liam
<L @discussions.microsoft.com> writes

You don't say what client Windows version you have. In XP, open a
command prompt window (or Start Menu -> Run box) and type:

ipconfig /all

In W98, the command is winipcfg.

You should see reference to DNS and WINS servers, which should all be
set to the SBS LAN IP address. The clients should get this information
by DHCP, but the question is whether the VPN is relaying it from the
server, or whether it has been programmed into the remote router's DHCP
server, or neither. If neither, it must be entered into each client's
TCP/IP properties.

The first stage is to see what TCP/IP connection and routing exists.
Only if that is all correct can we try to guess what resource access is
possible.

A certain amount of housekeeping information must be transferred between
machines on a network. What I do not know is how much of this is being
transferred by these particular VPN appliances. If none, then client and
server machines are left to find each other by fumbling in the dark.
This sometimes works a bit, but usually not well across different
subnets. Computer and share browsing across a VPN seems a bit random
with SBS. Nobody seems to know for sure when it should or should not
work.

The fact that you can see the domain name in a client's 'Entire Network'
tree may mean much or little. If the client has been physically
connected to the server LAN recently, it may just be cached and will
disappear after a while.

Where you can see the domain name on a remote client, can you log on to
the domain, i.e. if you try a user logon with the domain name in the
third box, do you get connected or is there a 'domain controller not
found' message?
--
Joe
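
An added example, not part of Joe's post or the original thread: a Python check of a client's `ipconfig /all` output against the rule above that DNS and WINS must point at the SBS LAN IP, also flagging the self-assigned 169.254.x.x addresses reported elsewhere in the thread. The sample output is constructed, XP-style field labels are assumed, and `192.168.10.2` is a placeholder because the thread never gives the SBS address.

```python
import re

# Constructed `ipconfig /all` excerpt (XP-style labels) for a remote-site client.
# 192.168.0.1 is the remote gateway from the thread; other values are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.23
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            203.0.113.53
"""
SBS_IP = "192.168.10.2"  # assumed placeholder; the thread never gives the SBS LAN IP

FIELD = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_adapters(text):
    """Return {adapter: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1).strip(), [])
                if m.group(2).strip():
                    last.append(m.group(2).strip())
            elif last is not None and IPV4.match(line.strip()):
                last.append(line.strip())  # continuation line, e.g. second DNS server
    return adapters

def check_client(text, sbs_ip=SBS_IP):
    """Findings per adapter: self-assigned IP, or DNS/WINS not set to the SBS."""
    findings = []
    for name, f in parse_adapters(text).items():
        if any(ip.startswith("169.254.") for ip in f.get("IP Address", [])):
            findings.append((name, "self-assigned 169.254.x.x address, DHCP not answering"))
        for label in ("DNS Servers", "Primary WINS Server"):
            if f.get(label, []) != [sbs_ip]:
                findings.append((name, f"{label} = {f.get(label, [])}, expected only {sbs_ip}"))
    return findings

if __name__ == "__main__":
    for adapter, problem in check_client(SAMPLE):
        print(f"{adapter}: {problem}")
```

On the constructed sample this reports the gateway-supplied DNS servers and the missing WINS entry, which is the "Internet=YES Domain access=NO" state described in the thread.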


Solution #8
posted on Aug 07, 2005
Not Rated (0)

pawa - usenet poster

Hi Joe, Sorry about the delay getting back to you. I really appreciate this
help.

The clients are mainly XP Pro but one W2K.
In the ipconfig, the remote machines are getting both IP and DNS from the
router gateway device.
1. I tried disabling DHCP service on the device and then no one in the
office could get internet.
2. So I disabled DHCP (again) and put the DNS from the SBS into the allotted
field on the gateway device. Again no luck.
3. I re-enabled DHCP and left the SBS DNS address on the device. No luck.
4. I re-enabled DHCP on  the device, left the DNS field on the device blank
and I was back at square one: Internet=YES Domain access=NO.

In the past, one user managed to use \\server_name\shared_resource to access
a folder but this has since gone away! Perhaps that fumbling in the dark you
mentioned.

My next steps are as follows:
Hard code the DNS and WINS address into the remote client.
Talk to Symantec to ensure I have a good tunnel (again)(I have been digging
away in there)
Try to determine if SBS is dishing up DNS to remote clients <---HOW do I do
this??

Am I on the right road?

Liam


Solution #9
posted on Aug 07, 2005
Not Rated (0)

jessie25 - usenet poster

Thank you very much Joe for replying.

When I say see, I mean that when a remote machine is connected to the remote
LAN I can see the machine in the Server management--> Computers console
When we are remote, a PC that is already a part of our Domain (I sent it
there for testing) goes to My  Network -->Entire Network-->Microsoft
Network-->"Our Network Name"...they "see" it but are unable to gain access.

**Are the remote machines getting the DNS
server and WINS server IP address correctly?
How do I do this? I am not very adept at this as you can see.

I am currently off site and cannot "ping" right now. When I return to the
site I will post the ping status.

Thanks again


Solution #10
posted on Aug 07, 2005
Not Rated (0)

Cato - usenet poster

In message <FA67E72B-B835-4B41-9C36-1CB17083F @microsoft.com>, Liam
<L @discussions.microsoft.com> writes



If web browsing (or name resolution generally. Can you ping well-known
Internet sites by name? Remember that some don't reply to pings) works
on the clients, they must be getting DNS information from somewhere. If
their ipconfig shows the only DNS server to be SBS, they must be getting
it from there. I can't think of a simpler way to check.
I think so. Clients of SBS *must* use SBS for DNS, there are other
things tied in here. (No, nobody seems quite sure what, only that many
things break if you don't do it). If the VPN link cannot do this
automatically, then you must do it manually. You can still accept IP
addresses by DHCP but have manual DNS settings. If SBS supplies DHCP
then it knows what clients it has, and where to find them, otherwise it
may not.

Basically, if the server does not know the client IP addresses, it will
have trouble communicating with them. There are protocols for using
broadcasts to find machines, but Microsoft are in the process of moving
from one system to another, and nobody seems to know how heavily SBS
relies on old technology. DHCP generally works for one subnet, whereas
VPN must use two subnets if the routing is to work. In NT4 days, routers
might or might not have the facility to pass DHCP information across
different subnets. That job here would be done by the VPN hardware *if*
it is done at all. Probably not.

I still think you need to know first if the clients can ping the SBS,
and vice versa. If the clients cannot do this, they cannot use DNS or
anything else from the SBS. If the SBS cannot ping the clients, it
cannot reply to their DNS requests.

I think this is a difficult area. Probably most experience of VPN
working is with SBS as the VPN endpoint, and only one client at each
remote location. I have only used VPN this way, not using VPN-enabled
routers. I think nobody has jumped in to correct me because nobody else
is experienced with this type of VPN either. I have recently needed to
use a VPN between a Windows client and SBS to enable communication
between other devices, and I could not get help here on doing that.
(Yes, I've worked it out).

We're all learning together. I'm trying to use this VPN to link
commercial VOIP equipment. The dealer selling it assured us it would
work, but seem at a loss as to the details, particularly of IP routing.
Maybe we can tell them, when we figure it out.
--
Joe


Solution #11
posted on Aug 07, 2005
Not Rated (0)

jessie25 - usenet poster

In message <A686FA41-962C-476B-9E49-170805651 @microsoft.com>, Liam
<L @discussions.microsoft.com> writes
You need to tell us exactly what is happening. When you say 'see' you
mean..?

Which machines can successfully ping other machines? If the remote
router is doing DHCP, how is the server finding out what IP addresses
are supplied to the machines? Are the remote machines getting the DNS
server and WINS server IP address correctly? Have the remote machines
been joined to the domain?
--
Joe

