Sounds like there might be some NATing going on. Get with your Network folks. I suspect that there is something going on at layers 2 and 3 that are going to prevent what you want to do until the DCPromo is completed.
-rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, May 19, 2005 8:56 AM To: [email protected] Subject: RE: [ActiveDir] Joining pc to domain over vpn I set up an lmhost file in that manner, but it didn't work. I think the host has a virus or worm of some sort. when i run a packet sniffer, i don't even see the ip's of the DC's. when i ping the DC's over the vpn, i get a reply back but when i look in the sniffer(ethereal), the return address is the internal router from a different subnet. Its very strange and i don't know of any worm that could do something like this. but i don't know what else to think. I ping DCa(by name and ip) and get a response back from DCa. When i see the results in the packet sniffer, the reply address is a router internal to my network on a complelty diff subnet than the DC OR the client vpn ip. also, when i try to join the domain, i see nothing of the subnet where all our DC's are on in ethereal as well. any thoughts? thanks Craig Cerino wrote: > This is how we have our LMHOSTS set up > XXX.XXX.XXX.XX DCNAME #PRE #DOM:DOMAINNAME > # "123456789012345*7890" > XXX.XXX.XXX.XX "DOMAINNAME \0x1b" #PRE > XXX.XXX.XXX.XX DCNAME #PRE #DOM:DOMAINNAME > > > > > > > > > > And have never had one issue > - -Keep in min - after the last line (#DOM:DOMAINNAME) there are four > carriage returns > > > Just my 2 cents > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet > Sent: Thursday, May 19, 2005 9:33 AM > To: [email protected] > Subject: RE: [ActiveDir] Joining pc to domain over vpn > > I've run into something similar. I've forgot the details, but best I > remember it involved joining a member server to a domain where NETBIOS > name resolution was not available. > > Anyway, try creating an LMHOSTS file on the client with the following > > # DC > nnn.nnn.nnn.nnn YOURDC #PRE #DOM:DOMAIN > Nnn.nnn.nnn.nnn "DOMAIN \0x1b" #PRE > > Where nnn.nnn.nnn.nnn is the IP address of the domain controller > DOMAIN is the NETBIOS name of the domain > > IMPORTANT! The name in the second line MUST end up containing exactly > 16 characters. Put your domain name in and pad with spaces out to 15 > characters before the \0x1b character. The \0x1b counts as one > character. > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Wednesday, May 18, 2005 3:28 PM > To: [email protected] > Subject: RE: [ActiveDir] Joining pc to domain over vpn > > > That didin't work. > I added a wins server anyway and i can ping both the wins and dns > servers in the domain over the vpn. > I can also do an nslookup and get the srv rr's. > > Still get the same "the network location could not be reached" error. > I must be connecting to a dc because i am being prompted for a > username and password to join the domain. > does windows xp still use netbios to join a domain, btw? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 18, 2005 4:12 PM > To: [email protected] > Subject: Re: [ActiveDir] Joining pc to domain over vpn > > > > I"ve have had to do this in the past; I used the LMHOSTS file > with the #DOM qualifier for the PDCE for the domain. > > Something like: > > 10.10.10.1 servername #PRE #DOM:domainname > > This has worked using Secure Remote and Nortel VPN client > software. > > > > > > > > > "Kern, Tom" <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > > 05/18/2005 03:47 PM > Please respond to > [email protected] > > > > To > "ActiveDir (E-mail)" <[email protected]> > cc > > Subject > [ActiveDir] Joining pc to domain over vpn > > > > > > > Can you join a pc to a domain over a win xp pptp vpn connection > with changing the dns settings on the network adapter or does windows > use only those settings and NOT the one's on the vpn adapter? > > If i don't change the dns settings on the nic adapter(the vpn > adapter has the correct settings), i can't contact the domain. > if i change the nic adapter dns settings, i get up to the part > where i'm prompted for a password, but then it fails with "domain.tld > could not be contacted" > > > I'm using windows xp sp1 client with the default pptp vpn to a > win2k RRAS server > > Any ideas? > thanks > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > This e-mail, and any attachment, is intended only for the person > or entity to which it is addressed and may contain confidential and/or > privileged material. Any review, re-transmission, copying, > dissemination or other use of this information by persons or entities > other than the intended recipient is prohibited. If you received this > in error, please contact the sender and delete the material from any > computer. The contents of this message may contain personal views > which are not the views of Discovery Communications, Inc. (DCI). > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
