VPN Client as a Domain Member
I have a WinXP machine that has a client VPN connection to a Win2003 domain. The client also has a separate DSL connection to the Internet. I am using the Cisco VPN client.
I want to do three things: 1) Be able to use the XP machine as a domain workstation. 2) Use the domain DNS server to resolve all queries. 3) Use the DSL for Internet traffic.
The VPN client works: I have a domain IP address and have configured the domain DNS server to resolve DNS. I am also using the domain's default gateway. I have added a route that says to use the domain gateway for the VPN connection.
I was able to join the workstation to the domain. But after that, whenever I try to log on to the domain, I get a message that the DC is not available. I can ping the DC.
What setting do I need to change?
August 28th, 2010 5:26pm
Hi Myrt,
Thanks for posting here.
After reading your post, I understand that you are going to log in to the computer with a domain account remotely via a VPN connection.
If I misunderstand, please let me know.
I think you encountered the issue because the computer can’t reach the remote domain controller to get account information at first login.
This could be done by using the “logon using the dial-up connection” option.
When this option is used and a user attempts to log in to the computer with a domain account, the system will establish the VPN connection to the domain network first, so that the computer at the remote site can authenticate with the domain controller. I noticed that you are using the Cisco VPN Client; I am not quite sure whether Windows supports third-party VPN connections with this method. I suggest using the Windows built-in connection manager to create the VPN connection, so that this connection will be listed in the “Choose a network connection” dialog box.
For more information, please refer to the links below:
How To Configure and Use Dial-Up Connections in Windows XP
http://support.microsoft.com/kb/310410
Cached domain logon information
http://support.microsoft.com/kb/172931
If you want to use DSL for Internet traffic when the VPN is connected, please modify the VPN connection and disable the option “Use default gateway on remote network”.
Here is the workaround:
• Right-click the VPN connection, and then click Properties.
• Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
• Click Advanced, and then click to check the Use default gateway on remote network check box.
• Click OK, click OK, and then click OK.
Meanwhile, please also make sure that the remote access is at the top of the binding order on the remote client side.
• Click Start, click Run, type ncpa.cpl, and then click OK.
• You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.
• On the Advanced menu, click Advanced Settings, and then click the Adapters and Bindings tab.
• In the Connections area, select the connection that you want to move higher in the list. Use the arrow buttons to move the connection.
I also found an old thread which discusses a similar requirement and provides a good solution for your reference:
http://social.technet.microsoft.com/Forums/en-GB/winservergen/thread/8d471327-aa16-4b99-85a3-31df69efc349
Hope that’s helpful
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 30th, 2010 5:24am
Hi myrt,
Please feel free to let us know if the information was helpful to you.
Thanks
Tiger Li
September 3rd, 2010 12:03pm
I have read and applied your references but my problem remains the same.
A few notes. We have a Cisco ASA firewall that is configured to accept only the Cisco client VPN. Before logon the Cisco VPN client starts and successfully connects to the domain. But when I attempt to log on as a domain user the workstation cannot find the DC. I can ping the DC using either the IP address or the DC's name, so the connection is solid.
I attempted to use "Use dialup connection for logon" but I get a message to dial first.
Maybe I am making a mistake in the network settings I am using. They are as follows (domain network: 10.145.0.0, local 192.168.1.0)
VPN settings (set manually)
IP: 10.145.1.2
DG: 10.145.100.4
DNS: 10.145.0.58
Local settings (set by local firewall)
IP: 192.168.1.45
DG: 192.168.1.1
DNS: 192.168.1.1
September 5th, 2010 8:57pm
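Added example, not part of any post in this thread: a small Python model of IPv4 route selection (longest prefix first, then lowest metric) applied to the addresses listed in the post above. It shows that with a default gateway on both adapters, Internet traffic follows whichever default route has the lower metric, and what the table looks like when only the DSL adapter keeps a default route. The /16 and /24 prefix lengths, the metrics, the interface names and the 203.0.113.10 test address are assumptions; anything the Cisco client or the ASA policy enforces is not modelled.

```python
import ipaddress

def pick_route(table, dest):
    """Return the route used for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in table if ip in ipaddress.ip_network(r["net"])]
    if not hits:
        raise LookupError(f"no route to {dest}")
    return min(hits, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen,
                                    r["metric"]))

def egress(table, dest):
    """Name of the interface a packet to dest leaves on."""
    return pick_route(table, dest)["if"]

def default_gateways(table):
    """All gateways that carry a 0.0.0.0/0 route."""
    return [r["gw"] for r in table if r["net"] == "0.0.0.0/0"]

def route(net, gw, metric, iface):
    return {"net": net, "gw": gw, "metric": metric, "if": iface}

# Addresses come from the thread; prefix lengths and metrics are constructed.
TWO_DEFAULTS = [                       # a default gateway set on both adapters
    route("0.0.0.0/0", "10.145.100.4", 1, "vpn"),
    route("0.0.0.0/0", "192.168.1.1", 20, "dsl"),
    route("10.145.0.0/16", "on-link", 1, "vpn"),
    route("192.168.1.0/24", "on-link", 20, "dsl"),
]
SPLIT = [                              # only the DSL adapter has a default route
    route("0.0.0.0/0", "192.168.1.1", 20, "dsl"),
    route("10.145.0.0/16", "on-link", 1, "vpn"),
    route("192.168.1.0/24", "on-link", 20, "dsl"),
]
DOMAIN_DNS = "10.145.0.58"             # domain DNS server from the post
INTERNET_HOST = "203.0.113.10"         # constructed documentation address

def report(table):
    """Map each test destination to the interface it would use."""
    return {d: egress(table, d) for d in (DOMAIN_DNS, INTERNET_HOST)}

if __name__ == "__main__":
    for name, table in (("two defaults", TWO_DEFAULTS), ("split", SPLIT)):
        print(name, default_gateways(table), report(table))
```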
Hi Myrt,
Thanks for the update.
You mentioned that “Before logon the Cisco VPN client starts and successfully connects to the domain.”
Could you describe in detail how you did that?
As far as I know, this issue may occur because, when logging on with an account which has never logged on to this computer before, the VPN connection may have been disconnected.
According to the process by which the client locates a domain controller, the member computer will connect to the DC for authentication when an account attempts to log on. In your case, I am afraid that the VPN may not be established, or may be disconnected, meaning the DC cannot be reached in this process; the system will then use the local cache to log on to the computer, but there is no record in the cache because it is the first logon, so the logon process failed and the system showed that notice.
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/kb/314861
Tiger Li
September 6th, 2010 6:16am
The domain account needs to have a local profile built for it before you can log in to that account when disconnected from the domain. Windows builds a local profile for the account when you first log in to the computer - the computer needs to be on the domain for it to authenticate successfully. After that you can log in using the domain account when disconnected from the domain, i.e. before you have logged in to connect to the VPN.
March 3rd, 2011 4:03pm