I don't think so.
The RRAS server is not NATed so the only NAT/PAT is on the client side but it 
shouldn't affect anything because vpn is working and they can ping anything in 
the network. Also, when they vpn in, they are AUTHing against AD via RRAS and 
they can use TERM services in app mode.
Also, the other users in this remote office are domain members whose login 
scripts execute when they log in.
It's just this one box that is flaky for some reason.

thanks



Rick Kingslan wrote:
> Sounds like there might be some NATing going on.  Get with your
> Network folks.  I suspect that there is something going on at layers
> 2 and 3 that are going to prevent what you want to do until the
> DCPromo is completed. 
> 
> -rtk
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
> Sent: Thursday, May 19, 2005 8:56 AM
> To: [email protected]
> Subject: RE: [ActiveDir] Joining pc to domain over vpn
> 
> I set up an lmhost file in that manner, but it didn't work.
> 
> I think the host has a virus or worm of some sort. when i run a packet
> sniffer, i don't even see the ip's of the DC's.
> when i ping the DC's over the vpn, i get a reply back but when i look
> in the sniffer(ethereal), the return address is the internal router
> from a different subnet.
> It's very strange and i don't know of any worm that could do something
> like this.
> but i don't know what else to think.
> I ping DCa(by name and ip) and get a response back from DCa. When i
> see the results in the packet sniffer, the reply address is a router
> internal to my network on a completely diff subnet than the DC OR the
> client vpn ip. 
> also, when i try to join the domain, i see nothing of the subnet
> where all our DC's are on in ethereal as well.
> any thoughts?
> thanks
> 
> 
> 
> Craig Cerino wrote:
>> This is how we have our LMHOSTS set up
>> XXX.XXX.XXX.XX   DCNAME    #PRE #DOM:DOMAINNAME
>> #                "123456789012345*7890"
>> XXX.XXX.XXX.XX   "DOMAINNAME          \0x1b"   #PRE
>> XXX.XXX.XXX.XX        DCNAME   #PRE #DOM:DOMAINNAME
>> 
>> And have never had one issue
>> -Keep in mind - after the last line (#DOM:DOMAINNAME) there are
>> four carriage returns 
>> 
>> 
>> Just my 2 cents
>> 
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
>> Sent: Thursday, May 19, 2005 9:33 AM
>> To: [email protected]
>> Subject: RE: [ActiveDir] Joining pc to domain over vpn
>> 
>> I've run into something similar. I've forgotten the details, but best I
>> remember it involved joining a member server to a domain where
>> NETBIOS name resolution was not available.
>> 
>> Anyway, try creating an LMHOSTS file on the client with the following
>> 
>> # DC
>> nnn.nnn.nnn.nnn      YOURDC          #PRE #DOM:DOMAIN
>> nnn.nnn.nnn.nnn      "DOMAIN        \0x1b"    #PRE
>> 
>> Where nnn.nnn.nnn.nnn is the IP address of the domain controller
>> DOMAIN is the NETBIOS name of the domain
>> 
>> IMPORTANT! The name in the second line MUST end up containing exactly
>> 16 characters. Put your domain name in and pad with spaces out to 15
>> characters before the \0x1b character. The \0x1b counts as one
>> character. 
>> 
>> 
>> 
>> ________________________________
>> 
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
>> Sent: Wednesday, May 18, 2005 3:28 PM
>> To: [email protected]
>> Subject: RE: [ActiveDir] Joining pc to domain over vpn
>> 
>> 
>> That didn't work.
>> I added a wins server anyway and i can ping both the wins and dns
>> servers in the domain over the vpn.
>> I can also do an nslookup and get the srv rr's.
>> 
>> Still get the same "the network location could not be reached" error.
>> I must be connecting to a dc because i am being prompted for a
>> username and password to join the domain.
>> does windows xp still use netbios to join a domain, btw?
>> 
>>      -----Original Message-----
>>      From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>>      Sent: Wednesday, May 18, 2005 4:12 PM
>>      To: [email protected]
>>      Subject: Re: [ActiveDir] Joining pc to domain over vpn
>> 
>> 
>> 
>>      I've had to do this in the past; I used the LMHOSTS file
>> with the #DOM qualifier for the PDCE for the domain.
>> 
>>      Something like:
>> 
>>      10.10.10.1        servername        #PRE #DOM:domainname
>> 
>>      This has worked using Secure Remote and Nortel VPN client
>> software.
>> 
>> 
>>      "Kern, Tom" <[EMAIL PROTECTED]>
>>      Sent by: [EMAIL PROTECTED]
>>      05/18/2005 03:47 PM
>>      Please respond to: [email protected]
>>      To: "ActiveDir (E-mail)" <[email protected]>
>>      cc:
>>      Subject: [ActiveDir] Joining pc to domain over vpn
>> 
>>      Can you join a pc to a domain over a win xp pptp vpn connection
>> with changing the dns settings on the network adapter or does windows
>> use only those settings and NOT the ones on the vpn adapter?
>> 
>>      If i don't change the dns settings on the nic adapter(the vpn
>> adapter has the correct settings), i can't contact the domain.
>>      if i change the nic adapter dns settings, i get up to the part
>> where i'm prompted for a password, but then it fails with
>> "domain.tld could not be contacted" 
>> 
>> 
>>      I'm using windows xp sp1 client with the default pptp vpn to a
>> win2k RRAS server
>> 
>>      Any ideas?
>>      thanks
>>      List info   : http://www.activedir.org/List.aspx
>>      List FAQ    : http://www.activedir.org/ListFAQ.aspx
>>      List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
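
An added example, not written by anyone in this thread: a small Python check for the 16-character rule Ken Cornetet describes for the quoted `\0x1b` LMHOSTS line, plus a helper that builds a correctly padded line. The function names, the address 192.0.2.10 and the domain EXAMPLE are constructed for illustration, and upper-casing the name assumes NetBIOS names are registered in upper case.

```python
import re

# One escaped byte such as \0x1b inside a quoted LMHOSTS name.
ESCAPE = re.compile(r"\\0x([0-9A-Fa-f]{2})")
# An address followed by a quoted name; unquoted names are not checked.
QUOTED_ENTRY = re.compile(r'^\s*(\S+)\s+"([^"]*)"')


def build_1b_entry(ip, domain):
    """Return the LMHOSTS line that maps the domain's 0x1b name to ip."""
    if not 1 <= len(domain) <= 15:
        raise ValueError("NetBIOS domain name must be 1-15 characters")
    # Pad to 15 characters; the \0x1b escape is the 16th.
    return '{}\t"{}\\0x1b"\t#PRE'.format(ip, domain.upper().ljust(15))


def effective_length(quoted_name):
    """Length of the name once each \\0xNN escape counts as one character."""
    return len(ESCAPE.sub("?", quoted_name))


def check_lmhosts(text):
    """Return (line_number, length) for each quoted name that is not 16 long."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment line; directives such as #INCLUDE are ignored
        match = QUOTED_ENTRY.match(line)
        if match:
            length = effective_length(match.group(2))
            if length != 16:
                problems.append((number, length))
    return problems


# Constructed sample: line 3 is padded correctly, line 4 is padded short.
SAMPLE = "\n".join([
    "# constructed sample LMHOSTS",
    "192.0.2.10\tDC01\t#PRE #DOM:EXAMPLE",
    build_1b_entry("192.0.2.10", "example"),
    '192.0.2.10\t"' + "EXAMPLE".ljust(11) + '\\0x1b"\t#PRE',
])

if __name__ == "__main__":
    for number, length in check_lmhosts(SAMPLE):
        print("line {}: quoted name is {} characters, expected 16".format(number, length))
```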
