Windows Domain logon through vpn

Wed, Jan 12, 2005 2-minute read

When making a site-to-site VPN connection with either hardware firewalls or Windows servers, trouble may arise when trying to log on to a domain that resides on the other side of the VPN connection.

The reason for this is that in networks without a WINS server the domain controller is found by broadcast, and most firewalls do not forward broadcast packets across VPN connections.

This prevents clients without cached logon information from logging on to the domain, which in turn prevents automatic logon to domain resources on the network, e.g. file shares, web servers etc.

To make all this work, you can set up a WINS server on the site that does not have a domain controller, or you could even make the domain controller on the remote site host the WINS server as well.

When giving out IP addresses to clients you then have to specify a WINS server, so clients will send WINS requests to that server.

If the WINS server is not in the same domain as the domain controller, then you must create static entries for both the domain and the domain controller.

When specifying IP addresses, enter the same IP address in both the entry for the domain controller and the entry for the domain.

If you have a WINS server where it is possible to create an entry for the domain master browser, create that entry as well, as it will enable you to browse the domain network.
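To make the steps above concrete, here is an added Python example (not code from the original post) that models the static WINS entries the post calls for and the NetBIOS name query a client sends when it has to find the domain controller. The domain name CORP, the controller name DC1 and the address 10.0.0.5 are constructed sample values; the record suffixes (00h, 20h, 1Ch, 1Bh) and the NBNS packet layout come from the NetBIOS-over-TCP specification (RFC 1001/1002). The encoder lets you recognise the padded, 32-character names in a packet capture on the VPN, and the flags field shows the difference between the broadcast query that firewalls drop and the unicast query sent once a WINS server is configured.

```python
import struct

# 16th-byte NetBIOS suffixes that matter for domain logon and browsing
SUFFIX_WORKSTATION = 0x00        # <host>[00h]    unique: workstation service
SUFFIX_DOMAIN_MASTER = 0x1B      # <domain>[1Bh]  unique: domain master browser
SUFFIX_DOMAIN_CONTROLLERS = 0x1C # <domain>[1Ch]  group:  domain controllers
SUFFIX_SERVER = 0x20             # <host>[20h]    unique: server (file) service

NBNS_FLAGS_BROADCAST_QUERY = 0x0110  # opcode QUERY, RD=1, B=1 (no WINS server)
NBNS_FLAGS_UNICAST_QUERY = 0x0100    # opcode QUERY, RD=1, B=0 (sent to WINS)
NBNS_B_FLAG = 0x0010


def netbios_name(name, suffix):
    """Pad the name to 15 characters and append the 16th-byte suffix.
    This 16-byte string is the key a WINS static entry is stored under."""
    name = name.upper()
    if not 1 <= len(name) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    return name.ljust(15).encode("ascii") + bytes([suffix])


def first_level_encode(raw):
    """RFC 1001 first-level encoding: every nibble becomes a letter A..P.
    This is how the name appears on the wire in an NBNS query."""
    out = []
    for b in raw:
        out.append(chr(ord("A") + (b >> 4)))
        out.append(chr(ord("A") + (b & 0x0F)))
    return "".join(out)


def first_level_decode(encoded):
    """Reverse of first_level_encode: 32 letters back into 16 raw bytes."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 characters")
    return bytes(((ord(encoded[i]) - 65) << 4) | (ord(encoded[i + 1]) - 65)
                 for i in range(0, 32, 2))


def static_entries(domain, dc_name, dc_ip):
    """The static mappings the post describes for a WINS server outside
    the domain: the controller itself, the domain (1Ch) and the domain
    master browser (1Bh), all pointing at the same controller address."""
    return [
        {"name": dc_name, "suffix": SUFFIX_WORKSTATION, "type": "unique", "ip": dc_ip},
        {"name": dc_name, "suffix": SUFFIX_SERVER, "type": "unique", "ip": dc_ip},
        {"name": domain, "suffix": SUFFIX_DOMAIN_CONTROLLERS, "type": "domain", "ip": dc_ip},
        {"name": domain, "suffix": SUFFIX_DOMAIN_MASTER, "type": "unique", "ip": dc_ip},
    ]


def build_name_query(name, suffix, txid=0x1234, broadcast=True):
    """Build an NBNS NAME QUERY REQUEST for <name>[suffix].
    broadcast=True is what a client without a WINS server sends to
    255.255.255.255 (and what the VPN firewall will not forward)."""
    flags = NBNS_FLAGS_BROADCAST_QUERY if broadcast else NBNS_FLAGS_UNICAST_QUERY
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT = 1
    label = first_level_encode(netbios_name(name, suffix)).encode("ascii")
    question = bytes([32]) + label + b"\x00" + struct.pack(">HH", 0x0020, 0x0001)  # NB, IN
    return header + question


def parse_name_query(pkt):
    """Decode a captured NBNS query: which name was asked for, and whether
    it was broadcast (would never reach a controller across the VPN)."""
    txid, flags, qdcount, _, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if qdcount != 1 or pkt[12] != 32:
        raise ValueError("not a single-question NBNS query")
    raw = first_level_decode(pkt[13:45].decode("ascii"))
    return {
        "txid": txid,
        "broadcast": bool(flags & NBNS_B_FLAG),
        "name": raw[:15].decode("ascii").rstrip(" "),
        "suffix": raw[15],
    }


if __name__ == "__main__":
    for entry in static_entries("CORP", "DC1", "10.0.0.5"):  # constructed values
        key = netbios_name(entry["name"], entry["suffix"])
        print(f"{entry['name']:<8}[{entry['suffix']:02X}h] {entry['type']:<7} "
              f"{entry['ip']:<10} on-wire={first_level_encode(key)}")
    pkt = build_name_query("CORP", SUFFIX_DOMAIN_CONTROLLERS)
    print(parse_name_query(pkt))
```

The group record CORP[1Ch] is the one a client queries to find a logon server, so if a capture on the VPN shows that query going out as a broadcast, the client has no WINS server configured and the logon will fall back to cached credentials or fail.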