
Networking 2 offices! Need some help!

August 4, 2005 9:58:03 PM

I am running a VPN Tunnel connection between 2 offices. Both offices are using Linksys BEFSX41 VPN routers using Verizon DSL Static connections. At Office 1 we have a Server (Windows server 2000 and Domain) and a printer, at office 2 we have about 6 computers (Windows XP) and a printer. The computers at office 2 connect to the Server at office 1 via Remote Desktop.

The current problem is the 2 offices cannot see each other on the network. They can connect via VPN tunnel, but if we want to print or file share we cannot see the other office. I have enabled file and print sharing on all the computers at both offices. I have some networking knowledge; I set up this VPN tunnel myself and it works great. But when I started reading about all this Domain and DNS info that might fix my problem I was completely lost.

Basically right now the priority is to print from one office to another. Here are my Linksys Router settings:

Office 1: Server Location
Internet Address: 66.12.76.189
Subnet Mask: 255.255.255.0
Default Gateway: 66.12.76.128
DNS 1: 4.2.2.1
DNS 2: 4.2.2.2

Office 2: Remote Location
Internet Address: 66.12.45.91
Subnet Mask: 255.255.255.0
Default Gateway: 66.12.45.90
DNS 1: 4.2.2.1
DNS 2: 4.2.2.2

Right now Office 1 is on a Domain called 1stManhattan.local while office 2 is on a workgroup. When I try to add the computers at office 2 to the 1stManhattan.local domain I get an error.

“The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain 1stManhattan.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.1stManhattan.local

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

1stManhattan.local
local
. (the root zone)”

Do you think my problem is caused by router settings? Or do I need to mess around with the DNS settings and get office 2 on the server domain?


August 4, 2005 10:38:16 PM

It's a strong chance to be a router setting that is disabled that needs to be enabled, possibly something to do with IPSec.

Also, are they both on the same Subnet internally? Router A could be 192.168.1.1 and router B could be 192.168.1.2? One should have DHCP disabled unless you're on different IP address ranges, same subnet (255.255.255.0). Then you would need to set up DNS within your router to first point to your server, then to your ISP's DNS.

Now, you're working with a Domain and a workgroup. You'll need to register your workgroup computers in DNS by joining the domain.

Are you able to Ping the server from your remote workgroup?

If your Server is handing out DHCP licenses to your remote workgroup, it should register in DNS if you have DNS settings on your computers correct.

Uncheck "Append Parent Suffixes of the primary DNS suffix".
Check "Use this Connection's DNS Suffix in DNS Registration".

As long as you're pulling DHCP from the server, you should register in DNS and be able to join the domain.
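
Added example (not part of any post in this thread): the join error quoted above is an SRV lookup for `_ldap._tcp.dc._msdcs.1stManhattan.local` that came back as a name error. The Python sketch below builds that query and decodes a reply, run here on two constructed replies: a name error such as a resolver without the `1stManhattan.local` zone would return, and a success such as the domain's own DNS server would return. The host name `dc1` and both reply byte strings are assumptions made for illustration.

```python
import struct

SRV, IN = 33, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}  # 3 is what Windows reports as 0x232B

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(domain, txid=0x1234):
    qname = "_ldap._tcp.dc._msdcs." + domain  # the record a joining client looks up
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack(">HH", SRV, IN)

def read_name(msg, off, jumps=0):
    # Decode a name, following compression pointers; return (name, offset after it).
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            if jumps > 16:
                raise ValueError("compression pointer loop")
            rest = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], jumps + 1)[0]
            return ".".join(labels + [rest]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_response(msg):
    # Return (rcode name, [(dc host, port), ...]) from a raw DNS reply.
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, found = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == SRV:  # RDATA: priority, weight, port, target
            port = struct.unpack(">H", msg[off + 14:off + 16])[0]
            found.append((read_name(msg, off + 16)[0], port))
        off += 10 + rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), found

def constructed_replies(domain="1stManhattan.local"):
    # Constructed sample replies, not captured traffic; "dc1" is a hypothetical host name.
    q = build_query(domain)
    nx = q[:2] + struct.pack(">H", 0x8183) + q[4:]  # name error, no answers
    rdata = struct.pack(">HHH", 0, 100, 389) + encode_name("dc1." + domain)
    ok = (q[:2] + struct.pack(">HHHHH", 0x8580, 1, 1, 0, 0) + q[12:] + b"\xc0\x0c"
          + struct.pack(">HHIH", SRV, IN, 600, len(rdata)) + rdata)
    return nx, ok
```

Sending the bytes from `build_query` over UDP port 53 to each DNS server a client is configured with, and passing the reply to `parse_response`, shows which server, if any, can locate the domain controller.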
August 4, 2005 11:15:10 PM

I currently have DHCP enabled at both offices because each office has its own independent Verizon Static DSL line. I thought that this was the correct setting but should I take office 2 off of DHCP?

I am able to ping from both sides to the other. If it is a router setting, any ideas on which one? Both have an internal subnet mask of 255.255.255.0; is this incorrect?

"You'll need to register your workgroup computers in DNS by joining the domain."

I tried to do this by Right click my computer->Properties->Network Identification->Properties and when I entered the domain of the server from Office 1 I got this error:

"The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain 1stManhattan.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.1stManhattan.local

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

1stManhattan.local
local
. (the root zone)"

Edited by DeViLgunner on 08/04/05 07:22 PM.
August 5, 2005 12:42:58 PM

And you confirmed that DNS is working properly?

The main problem here is that you have 2 DHCPs running. DHCP hands out information and adds records to DNS. If the server isn't handing out IP addresses to those other workgroups, even though they share the same IP scheme, it won't truly be able to join the domain. You need to get your workgroup working off your server's DHCP to join.

Or you can set up a small server on the workgroup side that hands out DHCP/DNS and create a trust between the two servers (the forest).
You could also join the second server to your working server to create a child domain; that way you'd have a server at each location should something happen with your Verizon line.

You get 3 options basically.

Get all the computers working off the same DHCP server.
or
Set up a second server & domain, create a trust
or (this would be the better alternative to #2)
Set up a second server and join it as a child domain to your current domain.

You'll have to figure out if your DHCP requests are extending across the tunnel, which I'd say they probably won't.

I'll check out the settings of the vpn endpoint routers and let you know if I see something you need to change.
August 5, 2005 12:51:30 PM

Would he also have to set up his routers to forward DHCP packets to the secondary site?

My PC:
Abit AX8 Socket 939 VIA K8T890
AMD Athlon 64 3200 Winchester
Sapphire Radeon X700 Pro 256 Mb PCIe
WD Raptor 37 Gb SATA
Corsair 2x512 PC3200 DDR Dual-Channel Platinum Edition
August 5, 2005 1:22:35 PM

Nah, DHCP doesn't work that way. Clients put the request to the Server, the server doesn't query for clients. So you'd have to do that backwards, but it gets blocked by the firewall.

There should be an option on the router for "DHCP over IPSec" which needs checked, which would allow dhcp over the tunnel (which is using IPSec protocol).

It should be that simple, and now that I think about it, my standard Linksys 4 port router has Enable IPSec passthrough on it, so I'm able to run a software VPN through my router.

The BEFSX41 should have a DHCP over IPSec radio button to check, then it'll allow DHCP requests to be forwarded over the tunnel, but it'll need changed on both routers.
August 5, 2005 1:26:01 PM

Btw, edit your very first post you have. Take out your IP addresses because people can now hack you.

I noticed you're running Symantec's Raptor firewall. People can openly hack you since they now know your IP addresses.

Just some advice on my part though. :)

Additionally, you should not allow port 23 (telnet) into your firewall, so you should set up an ACL on the firewall or some type of rule to block that, and your remote administration ports, 4##, don't know it offhand for the Raptor. Block these from, at least, all WAN requests. If you have the r- (rlogin) features enabled, you might want to disable those as apparently there are a lot of hacks out there for it.


Edited by riser on 08/05/05 09:32 AM.
Anonymous
August 5, 2005 7:17:02 PM

lol, reminds me that I have to try some stuff! Haven't had time :wink:

Asus P4P800DX, P4C 2.6ghz@3.25ghz, 2X512 OCZ PC4000 3-4-4-8, MSI 6800Ultra stock, 2X30gig Raid0
August 5, 2005 9:04:34 PM

Thanks for the advice, I did change the last number of the IPs before I posted.

I did find an option on my Routers called IPSec Pass-Through; is that the same as DHCP IPSec Pass-Through?
August 7, 2005 9:19:12 PM

That should cover the same thing. That just means it will allow IPSec (IP security used in VPNs) to transfer through the router. You will want that enabled, which may help the DHCP transfer through the tunnel.