VPN Client as a Domain Member
I have a WinXP machine that has a client VPN connection to a Win2003 domain. The client also has a separate DSL connection to the Internet. I am using the Cisco VPN client. I want to do three things:
1) Be able to use the XP machine as a domain workstation.
2) Use the domain DNS server to resolve all queries.
3) Use the DSL for Internet traffic.
The VPN client works: I have a domain IP address and have configured the domain DNS server to resolve DNS. I am also using the domain's default gateway. I have added a route that says to use the domain gateway for the VPN connection. I was able to join the workstation to the domain. But after that, whenever I try to log on to the domain, I get a message that the DC is not available. I can ping the DC. What setting do I need to change?
August 28th, 2010 5:26pm

Hi Myrt,

Thanks for posting here. After reading your post, I understand that you are going to log in to the computer with a domain account remotely via a VPN connection. If I have misunderstood, please let me know.

I think you encountered the issue because the computer can't reach the remote domain controller to get account information at first login. This could be done by using the "logon using the dial-up connection" option. With this option, when a user attempts to log in to the computer with a domain account, the system will establish the VPN connection to the domain network first, so that the computer at the remote site can perform authentication with the domain controller.

I noticed that you are using the Cisco VPN Client; I am not quite sure whether Windows supports a third-party VPN connection with this method. I suggest using the Windows built-in connection manager to create the VPN connection, so that this connection will be listed in the "Choose a network connection" dialog box. For more information, please refer to the links below:

How To Configure and Use Dial-Up Connections in Windows XP
http://support.microsoft.com/kb/310410
Cached domain logon information
http://support.microsoft.com/kb/172931

If you want to use DSL for Internet traffic when the VPN is connected, please modify the VPN connection and disable the option "Use default gateway on remote network". Here is the workaround:
• Right-click the VPN connection, and then click Properties.
• Click the Networking tab, click Internet Protocol (TCP/IP) in the "Components checked are used by this connection" list, and then click Properties.
• Click Advanced, and then click to check the Use default gateway on remote network check box.
• Click OK, click OK, and then click OK.

Meanwhile, please also make sure that the remote access connection is at the top of the binding order on the remote client side.
• Click Start, click Run, type ncpa.cpl, and then click OK.
• You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.
• On the Advanced menu, click Advanced Settings, and then click the Adapters and Bindings tab.
• In the Connections area, select the connection that you want to move higher in the list. Use the arrow buttons to move the connection.

I also found an old thread which discusses a similar requirement and provides a good solution for your reference:
http://social.technet.microsoft.com/Forums/en-GB/winservergen/thread/8d471327-aa16-4b99-85a3-31df69efc349

Hope that's helpful.

Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 30th, 2010 5:24am

Hi myrt,

Please feel free to let us know if the information was helpful to you.

Thanks
Tiger Li
TechNet Subscriber Support in forum
September 3rd, 2010 12:03pm

I have read and applied your references but my problem remains the same. A few notes. We have a Cisco ASA firewall that is configured to accept only the Cisco client VPN. Before logon the Cisco VPN client starts and successfully connects to the domain. But when I attempt to log on as a domain user, the workstation cannot find the DC. I can ping the DC using either the IP address or the DC's name, so the connection is solid. I attempted to use "Use dialup connection for logon" but I get a message to dial first. Maybe I am making a mistake in the network settings I am using. They are as follows (domain network: 10.145.0.0, local: 192.168.1.0):

VPN settings (set manually)
IP: 10.145.1.2
DG: 10.145.100.4
DNS: 10.145.0.58

Local settings (set by local firewall)
IP: 192.168.1.45
DG: 192.168.1.1
DNS: 192.168.1.1
September 5th, 2010 8:57pm
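
An added example, not part of any post in this thread: a route-selection sketch using the addresses posted above, comparing a VPN adapter that carries a default gateway with one where "Use default gateway on remote network" is disabled. The prefix lengths (/16 and /24), the metrics, the simplified table layout and the public test address are assumptions; the thread states none of them.

```python
import ipaddress

# Constructed route tables built from the addresses posted in the thread.
# Prefix lengths and metrics are assumptions; the thread gives neither.
VPN_GW, DSL_GW = "10.145.100.4", "192.168.1.1"

FULL_TUNNEL = [  # both adapters carry a default gateway
    ("0.0.0.0/0", VPN_GW, 1),
    ("0.0.0.0/0", DSL_GW, 20),
    ("10.145.0.0/16", VPN_GW, 1),
    ("192.168.1.0/24", DSL_GW, 20),
]

SPLIT_TUNNEL = [  # VPN adapter keeps only the route to the domain network
    ("0.0.0.0/0", DSL_GW, 20),
    ("10.145.0.0/16", VPN_GW, 1),
    ("192.168.1.0/24", DSL_GW, 20),
]


def next_hop(table, destination):
    """Pick the route by longest prefix first, then by lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [
        (ipaddress.ip_network(prefix), via, metric)
        for prefix, via, metric in table
        if dst in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None  # no matching route at all
    best = min(candidates, key=lambda c: (-c[0].prefixlen, c[2]))
    return best[1]


def report(table):
    """Show where the domain DNS server and a public address are sent."""
    return {
        "domain_dns": next_hop(table, "10.145.0.58"),
        "internet": next_hop(table, "203.0.113.10"),  # documentation address
    }


if __name__ == "__main__":
    print("full tunnel :", report(FULL_TUNNEL))
    print("split tunnel:", report(SPLIT_TUNNEL))
```

In both tables the domain DNS server stays reachable through the VPN; only the destination of Internet traffic changes, which is the third requirement in the original question.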

Hi Myrt,

Thanks for the update. You mentioned that "Before logon the Cisco VPN client starts and successfully connects to the domain." Could you describe in detail how you did that?

As far as I know, this issue may have occurred because, when logging on with an account which has never logged on to this computer before, the VPN connection may have been disconnected. According to the process by which the client locates a domain controller, the member computer will connect to the DC for authentication when an account attempts to log on. In your case, I am afraid that the VPN may not be established, or may be disconnected, meaning the DC cannot be reached in this process. The system will then use the local cache to log on to the computer, but there is no record in the cache because this is the first logon, so the logon process failed and the system prompted such a notice.

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/kb/314861

Tiger Li
TechNet Subscriber Support in forum
September 6th, 2010 6:16am

I have a WinXP machine that has a client VPN connection to a Win2003 domain. The client also has a separate DSL connection to the Internet. I am using the Cisco VPN client. I want to do three things:
1) Be able to use the XP machine as a domain workstation.
2) Use the domain DNS server to resolve all queries.
3) Use the DSL for Internet traffic.
The VPN client works: I have a domain IP address and have configured the domain DNS server to resolve DNS. I am also using the domain's default gateway. I have added a route that says to use the domain gateway for the VPN connection. I was able to join the workstation to the domain. But after that, whenever I try to log on to the domain, I get a message that the DC is not available. I can ping the DC. What setting do I need to change?

The domain account needs to have a local profile built for it before you can log in to that account when disconnected from the domain. Windows builds a local profile for the account when you first log in to the computer - the computer needs to be on the domain for it to authenticate successfully. After that you can log in using the domain account when disconnected from the domain, i.e. before you have logged in to connect to the VPN.
March 3rd, 2011 4:03pm

This topic is archived. No further replies will be accepted.
