Using a VPN to logon to a domain using hishspeed , HELP please

Change your slow link detection thresholds in group policy on your domain controller.

For more info you might want to do some searches on "slow link detection" on microsoft's technet website, or google. Also the newsgroup: microsoft.public.windows.server.active_directory Will be better at dealing with this problem if you can't find the info.

Le me put this another way.

Q: How does the VPN relate to LDAP or drive mappings? A: It doesn't. They are 2 separate and distinct pieces of technology and as long as the IP link is established, you do not have a problem with the VPN.

If you are having trouble with Exchange, then why are you posting in VPN newsgroups? As long as your VPN connection is giving you IP level connectivity to the server and assigning the correct DNS and WINS servers then your problem is not with the VPN.

Hi again,

I am oviously not sure where the problem lies. > snipped-for-privacy@yourmama.com wrote:

Many things are tied to slow link detection. The workstation stays in offline mode if the link to the login server is detected as slow.

There is also the possibility that your VPN connection is not configured properly for DNS and WINS server settings. If your VPN client is given the IP of your ISP's DNS server instead of the internal active directory DNS server your client will not even know that it's connected to the corporate network. It needs to lookup some special records in DNS when you connect. Every time you bring up a new connection with the microsoft client bound to it, the client will attempt to locate the domain controller to see if you just connected to the corporate network. If it cannot find the domain controller because you are giving the client the wrong DNS settings then this will also cause the problem you describe.

If the client is getting all the correct DNS and WINS settings when you connect but the link is detected as being slow then you will not automatically reconnect network shares. You will not get login scripts to run. The client will not download certain group policy changes. Exchange probably has it's own behaviour on a slow link but I'm not familiar with it right now.

To test you can connect the vpn and try to ping: gc._msdcs.DOMAIN where DOMAIN is the full domain name of your active directory you are trying to log on to. eg: if you configured your active directory to be marketing.yourmama.com you would test by doing: ping gc._msdcs.marketing.yourmama.com If you DNS is working while connected to the VPN it should resolve to the IP address of one of your global catalog domain controllers. If it's not then you will get a failure. Though strangely enough after trying my example I now notice that there is a wildcard entry for the yourmama.com domain so anything and everything *.yourmama.com will resolve to the ip 64.40.102.41. Maybe a bad example but it does at least illustrate that even if your ping command generates a response you should double check to make sure that the IP returned is a correct one. In the case of the global catalog servers the dns lookup should report one of the domain GC's at random due to the round robin dns configuration that is used for this lookup. If you only have a single GC server then you will always get the same IP. If you don't flush your DNS cache you will keep getting the same IP reported until your local resolver cache expires. (You can flush the local DNS cache by using the ipconfig /flushdns command)

Hi ,

This router seems fine one minute then is completely unreachable the next either by VPN or Remote Admin interface. I am in the process of matching both MTU's on receiving and sending routers but is there something I'm missing? TIA

my real email is dlochhead AT elctech.net ignore the fake one

I'm not sure if this is what you're talking about, but I think there is an option Checkpoint for enabling "Secure Domain Login". You had mentioned cached credentials earlier so I'm assuming your pc is a domain member but you log on using cached credentials then connect via vpn.

If that is the case, you migh want to try changing Checkpoint so the Secure Domain Logon is enabled. I think it's "Configure, then look under "Passwords". It's a toggle on or off. What happens after reboot is you put in your credentials and the vpn stuff almost at the same time. You then get your domain logon scripts etc so if that is where the drive mappings are coming from you should now have them back.

HTH

If I somehow missed the mark on this, sorry! :)

Harry

Mike Drechsler - SPAM PROTECTED EMAIL wrote:

Ha®®y

snipped-for-privacy@online.ie