Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Setting up VPN on Win2003 R2

    It appears I have a lot to learn.

    Here are the basics: Windows 2003 R2 Standard, acting as a domain controller and file server. 9 users. Five static IP addresses.

    I've never set up a VPN on 2003 server, and was using http://searchexchange.techtarget.com/news/...1069414,00.html as a guide. Right around step 6, all users lost communication with the server. At this point I had set up a group in AD to manage policies for VPN users.

    What I'm stuck with now is two-fold, but one issue is critical: computers that were already members of the domain had no connectivity issues. All other workstations lost their name resolution - the server is still on the network and visible, but cannot be reached using its name; IP only. To get around this I added the IP address of the server to everyone's HOSTS file, but there has to be a reason name resolution went off the deep and no longer works.

    Secondly, given that I still have no working VPN server, can anyone recommend a reference or learning materials on how to do this properly? I'd much prefer not to have the domain controller take on an additional role given that it already handles file serving as well as authentication, but to be frank I don't think the load would amount to much anyway.

    Thanks in advance for helping a fledgling server admin!
    -Mark

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Joe

  3. #3
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    Good resources, thank you Joe! Unfortunately the section on troubleshooting DNS has led to no real answers. To be honest, I'm not sure what to check, but I believe it must be a policy setting that is making this happen. Machines that are domain members (about half of our workstations) can resolve names through the DNS server, but workstations that remain in a workgroup (due to software requirements) cannot resolve names. I'm stumped.
    -Mark

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    I wonder if it has anything to do with guest/anonymous access on the DNS server.

    Joe
    Joe

  5. #5
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    I don't know. The Guest account is disabled, but I was considering also the fact that I now have a static IP in the mix where I didn't before. The DNS server will need to communicate with the outside world somehow, and since I'm far from well versed in DNS it's time to read up and learn. In the meantime, I would love to know what got my 2k3 box in a snit. The workaround is not a permanent solution. Even the shares work properly, so users are being authenticated. <img src=/S/confused.gif border=0 alt=confused width=15 height=20>
    -Mark

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    Can you tell me a little more about your hardware topology? Do you have three servers involved? What roles do each play?

    Joe
    Joe

  7. #7
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    Joe, sorry it took so long to get back on this one. Here are the details you requested:
    <UL><LI>One hardware firewall (SonicWall) where the Internet connection comes into the building. It also serves up DHCP leases to clients.
    <LI>One physical server, Win2K3 R2 as the base OS. When I refer to "servers" I'm using it in the more generic sense, meaning that the server applications are set up and running - on one physical box.
    <UL><LI>Domain Controller (operational)<LI>File Server (operational)<LI>FTP Server (not operational<LI>VPN/Radius Services (not operational)[/list]<LI>This server is the domain controller, among its other functions. I realize this is a lot to cram on one physical server, but I haven't been able to loosen the purse strings far enough to get another box yet.
    <LI>There are approximately 10 client workstations at this time.[/list]Again, my biggest single problem at this point is that domain members can resolve the server's IP address, but all other workstations must have the entry in their HOSTS file. This "change" occurred when setting up VPN services.
    -Mark

  8. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    Has your Firewall been your DHCP server all along? Did you add the DNS server name and IP address to the DHCP Scope?

    Joe
    Joe

  9. #9
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    Yes, the firewall has always been the DHCP server - but maybe it shouldn't be. There was no place in the configuration to enter the DNS name, although the permanent IP address that I recently had set up was entered and everything was working properly - until the VPN Wizard did its thing. I'm almost certain it's a security setting that was changed, because the functionality isn't gone, just hard to get to.
    -Mark

  10. #10
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    I'm not sure where to look but it sure seems as though some setting about authenticated users got enabled.

    Joe
    Joe

  11. #11
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    Also, I don't know that having the firewall as the DHCP server is good or bad. It is just somewhat different than the directions in the link you provided. I suppose it should not make any difference.

    Joe
    Joe

  12. #12
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    I'll have to dig and see what policies apply to authenticated users. That sounds accurate.

    As it relates to the firewall, I think simplicity would demand that it simply passes traffic on to the server, and the server fills the DHCP role. I'm trying to make the best of a mess that existed when I arrived at the company!
    -Mark

  13. #13
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    I'd think the same about the firewall. I've got DHCP disabled at the firewall and running on the win2k3 server. Straightening up messes like you've got sure takes a lot of time and energy. I've had to cleanup more than one during the my various incarnations. You've got my sympathy. Meanwhile, I'll try to dig around some more to see what I can find on configuring a VPN.

    Joe
    Joe

  14. #14
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Setting up VPN on Win2003 R2

    Thanks Joe... that will help. I'm seriously contemplating backing up the user data, blowing out Server and reloading it. Since we have a small group (9 total) I think it would be beneficial in the long run, because then I would be starting with a known quantity. There truly are few benefits to having a domain for a group of this size, although the ability to have roaming profiles is nice. Not to mention, I'd just like to learn it!
    -Mark

  15. #15
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Setting up VPN on Win2003 R2

    Unofrtunately, I've been unable to come up with anything more concrete. I'd just caution you that going from a domain to a workgroup is not just a matter of reloading the server. There are security ownership issues with files on the server and clients. You could have software problems on the clients if anyone was able to install software and have done so under the domain userid. I'm sure there are other things I can't think of off the top of my head.

    Joe
    Joe

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •