
7 Remote Offices on the VPN [simplifying browsing]

Discussion in 'Networking (Hardware & Software)' started by smigen, 2006/11/10.

  1. 2006/11/10
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Hi Folks,

    It's been a while since my last visit and things have changed quite nicely in the employment area of my life. I've scored a very nice IT position with a growing Civil Engineering Co. They like my abilities and have let me change quite a few networking scenarios within the Co.

    Anyway.....on to the heart of the matter!

    I've got 7 WG Soho 6's at 7 locations within 4 States. All the offices are running 1 AD server of the 2000 AS or 2003 variety. All of them are on their own individual .local domains. I've been reconfiguring some of their "static" IP addressing schemes (which were public addresses) to non-routable /24 networks (1.0 thru 7.0) using DHCP and "Reservations" within the pool for workstation, printer, plotter and WiFi AP IP assignment consistency.

    I can reach out and touch any box within the Co. via RDP but I want to be able to grab them by name instead of IP. I hate logging into the Server for that office and looking up a station's IP from within the DHCP Reservations table so I can take control. Interoffice I can just type the box's name into the RDP window and POP.....I got it. I'd like to use this same technique for the other offices but I can't......yet.

    There's got to be a way for me to type in ex: phxmad and grab mad's box in PHX. from ABQ. instead of entering xxx.xxx.6.53.

    Secondly, I'd like to bring all of the separate .local domains under the umbrella of the main office's domain. You know what I mean....like this

    phx.myengineering.local, dal.myengineering.local, etc...

    Hard to do at this point?

    I didn't start this network but I'm having fun cleaning it up! =)

    btw.....I bought Mark Minasi's "Mastering Windows Server 2003" for assistance.

    Great book!
     
  2. 2006/11/10
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    Save the RDP Connectoids.
    Then you can just point at the appropriate connectoid script rather than having to type all the information each time.

    To open a saved connection

    1. In Windows Explorer, open the My Documents\Remote Desktops folder.

    2. Click the .Rdp file for the connection you want to open.

    3. Remote Desktop starts and the connection is made.

    Note: A Remote Desktop file (.rdp) file contains all of the information for a connection to a remote computer, including the Options settings that were configured when the file was saved. You can customize any number of .rdp files, including files for connecting to the same computer with different settings. For example, you can save a file that connects to MyComputer in full screen mode and another file that connects to the same computer in 800x600 screen size. By default, .rdp files are saved in the My Documents\Remote Desktops folder. To edit an .rdp file and change the connections settings it contains, right-click the file and then click Edit.
     


  4. 2006/11/11
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Saving 200+ symlinks, then navigating through them in order to click is more of a hassle than throwing "dalmek" in a RDP box or "rdesktop dalmek" into eterm and pressing enter. (I use FreeBSD a lot on the network)

    I'm assuming that because the computer "dalmek" is in DAL.local's AD but not in ABO.local's AD is why this works while in the Dallas office but not from Albuquerque's. Would bringing the independent domains into the forest of the domain myengineering.local spiffy this situation up?
     
  5. 2006/11/11
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    The shortcuts are files. They can be organized into folders.

    In addition you can script shortnames if you prefer:

    Place the file instructions above in a notepad session and save in \Windows\System32 as a file named rdesktop.cmd

    Rename your connectoids as you wish to make them easy to remember. For example, you could have a connectoid named Dalmek.

    You can then do Winkey + R or a Start, Run, and type:
    rdesktop dalmek
     
  6. 2006/11/11
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Thanks for the suggestions but CTL+ALT+t then dalmek, enter seems more fluid for that matter.

    We're bantering about the least of the issues. It being, not being able to hit dalmek or daltib or etc... from the ABO office to the DAL office or the PHX office for that matter. Do I need to bring them (the individual .local's) into the myengineering.local domain so all the AD's are under one roof?
     
  7. 2006/11/11
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    You do not get name resolution over .local Domains outside of the Domain.

    Your only choice would be to create and implement a global LMHOSTS file for all clients as you most certainly do not have a Global Catalogue.
     
  8. 2006/11/11
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I have a similar set up at work. I've configured DNS so as to give me name resolution for the remote networks. To do it you need to do the following:
    • Open the DNS management console dnsmgmt.msc
    • Right click on the root of your domain and select "New Zone ". That will start up the new zone wizard.
    • Click Next on the first screen and then select "Secondary Zone" from the next menu
    • Select that the new zone is a forward lookup zone on the next screen
    • Enter the zone name: e.g. phx.local
    • Then you'll be prompted for the address of the master DNS server. That's the address of the DNS server on the target network. So if you are setting up phx.local, the server IP will be that of the DNS server on the phx.local network.
    • Then complete the wizard.
    What will happen now is that on your network you will be able to connect to a PC on the newly registered network via its DNS name.

    Basically, what happens is that you make a request to your DNS server to resolve the name. The DNS server sees the secondary DNS entry and realises it needs to go to the remote server and request the IP address from that server. That server then returns the correct IP address.

    I wouldn't join the domains together at the Active Directory level over a DSL VPN. Connecting the remote branches together into a single forest will add extra traffic to your VPN connection. And with VPN over DSL, bandwidth is at a bit of a premium.
     
  9. 2006/11/11
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    You are going to find the .local DNS servers do not have a public IP.

    The name resolution will work fine once the VPN connection is made, as the local DNS server will be used in this instance for name resolution (if so configured).

    You can also increase the name resolution profile of XP and Win2003 servers: http://support.microsoft.com/default.aspx?scid=kb;en-us;281307

    But I thought the issue was resolving a remote name prior to making the VPN connection. Creating a forwarder to a DNS server without a WAN address is unlikely to help.

    The only facility Windows offers is LMHOSTS and possibly WINS.
     
    Last edited: 2006/11/11
  10. 2006/11/11
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    I didn't think about the extra consumed bandwidth of joining them all into a single forest on our current DSL connections......good point. Thanks for the heads up ReggieB.

    The SOHO's VPN connections are always connected so I see the DNS forwarders as the simplest option. All of the DNS servers are at the same IP address, but obviously on different 3rd quad IP's.

    Thank you both for sharing your concepts on how to solve this and make my life easier.

    I'll report back when it's working and how.

    Regards.
     
  11. 2006/11/11
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Saturday night and I'm twiddling with computers........sheesh!

    Anyway, I got bored so I logged into two of the servers at different offices and created their respective DNS entries for each other. Both DNS servers are running correctly and updating the other's zones properly. Still no joy on the "dalmek" only RDP entry for connecting. Viewing dalmek's Host (A) record shows all to be in proper order. I can hit it now with "dalmek.DAL.local" which is better than IP but still not easy enough.

    So for grins and giggles I created a Host (A) record within ABO.local's zone for the dalmek box in DAL office's domain and gave it its DAL network IP. BINGO! Now it works as desired.


    Do you guys see a problem in doing this?
     
    Last edited: 2006/11/11
  12. 2006/11/12
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I think what you are saying is that you want to connect via NetBIOS name (single node name) rather than the hierarchical DNS name. Yes, I think what you've done works because the Windows NetBIOS name system will pull names from the local DNS server. You could also use static entries into WINS.

    Within a private network, you can do what you like with object names. You can have a cheese root domain and call your daughter domains by type of cheese if you want. www.doublegloucester.cheese is possible. You can also create all sorts of name mappings in HOSTS files, DNS A hosts, LMHOST and static WINS entries.

    There are two main issues:
    1. The more you deviate from the normal or standard practice, the more likely you will confuse people who come to work on your network in future. Especially with local file customisation (HOSTS, LMHOST), things can get very complicated and difficult to fault find, if you customise too much.
    2. You need to think about how your naming conventions impact your access to the internet. For example, were you to pick a root name of cheese and for some unlikely reason an internet root domain of cheese got ratified, you would not be able to connect to internet resources in the cheese domain by name (unless you map them all in your DNS server). The great thing about using standards (like using a local root domain of local) is that you can be confident that the decisions you make now will be unlikely to cause a problem in the future.

    Therefore, I would give the following advice:
    • Keep the customisation as simple as possible.
    • Maintain common names (avoid having one name for a resource locally, and another name for the same resource remotely).
    • Document the customisation (a wiki is great for this sort of thing).
    • Remember that manual entries such as A records will not automatically update themselves. If in future you need to change the IP addresses of these resources, you will also have to manually update these A records.
     
  13. 2006/11/12
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Another thing to consider is that if you use NetBIOS names, all computer names will have to be unique within your whole network for you to be able to connect to them all. With DNS names you only have to maintain uniqueness within each zone.

    So with dns you could have computer1.zone1.local and computer1.zone2.local, but with NetBios the two names "computer1" would conflict.

    Personally, I'd stick with full DNS names. This is what I do on my network. Yes it means more typing, but I find the full name easier to maintain, requires less customisation, and I always know where I am because the branch name is in the node name. I don't have to think "Which network is Stewart's PC in", as the DNS name tells me that: stewartpc.branchname.local.
     
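    The following is an added example, not code from this thread or from any of the posters. It models the three resolution paths discussed above so the behaviour can be checked offline: a DNS server holding a primary zone (ABO.local) plus secondary copies of the remote offices' zones (ReggieB's secondary-zone procedure), a client that tries a single-label name such as "dalmek" against a DNS suffix search list (a standard Windows resolver setting; assumed here as the way the clients would be configured), and the manual A record smigen added as a workaround. Zone names, host labels and all 192.168.x.y addresses are constructed sample values. The code shows why "dalmek" alone fails while "dalmek.DAL.local" succeeds, and reproduces the collision ReggieB warns about: with flat names, "computer1" in two offices resolves silently to whichever zone the resolver tries first.

```python
"""Toy model of DNS name resolution across several .local zones (added example)."""
from typing import Optional, Tuple

# Constructed zone data: zone name -> {host label: IPv4}. In the real setup the
# dal.local and phx.local zones would be secondary zones transferred from the
# DNS server at each remote office; the addresses here are sample values only.
ZONES = {
    "abo.local": {"abotim": "192.168.4.10", "computer1": "192.168.4.20"},
    "dal.local": {"dalmek": "192.168.6.53", "daltib": "192.168.6.54",
                  "computer1": "192.168.6.20"},
    "phx.local": {"phxmad": "192.168.2.31"},
}


def lookup_fqdn(fqdn: str, zones=ZONES) -> Optional[str]:
    """Server side: answer a fully qualified name from the zones this server holds.

    Returns None (the equivalent of NXDOMAIN) when the zone is not held locally
    or the host label is absent from it."""
    label, _, zone = fqdn.lower().rstrip(".").partition(".")
    return zones.get(zone, {}).get(label)


def resolve(name: str, suffix_search_list=(), zones=ZONES) -> Tuple[Optional[str], Optional[str]]:
    """Client side: a dotted name is tried as given; a single-label name is tried
    with each suffix in the search list in order, and the first hit wins.

    Returns (ip, fqdn_that_answered) or (None, None)."""
    name = name.lower().rstrip(".")
    if "." in name:
        return lookup_fqdn(name, zones), name
    for suffix in suffix_search_list:
        candidate = f"{name}.{suffix.lower()}"
        ip = lookup_fqdn(candidate, zones)
        if ip is not None:
            return ip, candidate
    return None, None


def ambiguous_short_names(zones=ZONES) -> dict:
    """Host labels present in more than one zone: the names that cannot be
    unique under flat (NetBIOS-style) naming, where only one "computer1" can win."""
    seen = {}
    for zone, hosts in zones.items():
        for label in hosts:
            seen.setdefault(label, []).append(zone)
    return {label: sorted(z) for label, z in seen.items() if len(z) > 1}


def add_static_a_record(zone: str, label: str, ip: str, zones=ZONES) -> dict:
    """The manual workaround: an A record for a remote host placed in the local
    zone. It resolves, but nothing updates it when the remote host's IP changes,
    so it has to be maintained by hand (the caveat ReggieB raises)."""
    zones.setdefault(zone.lower(), {})[label.lower()] = ip
    return zones


if __name__ == "__main__":
    # No suffix list: the short name fails, the FQDN works via the secondary zone.
    print(resolve("dalmek"))                  # (None, None)
    print(resolve("dalmek.DAL.local"))        # ('192.168.6.53', 'dalmek.dal.local')
    # A suffix search list covering all offices makes the short name work
    # without duplicating A records...
    search = ["abo.local", "dal.local", "phx.local"]
    print(resolve("dalmek", search))          # ('192.168.6.53', 'dalmek.dal.local')
    # ...but duplicated labels resolve to whichever zone is tried first, silently.
    print(resolve("computer1", search))       # ('192.168.4.20', 'computer1.abo.local')
    print(ambiguous_short_names())            # {'computer1': ['abo.local', 'dal.local']}
```

    The collision report is the check worth running before relying on short names: any label it lists will resolve to a different machine depending on client configuration, which is a reliability and an audit-trail problem, not just an inconvenience.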
  14. 2006/11/12
    smigen

    smigen Inactive Thread Starter

    Joined:
    2006/07/03
    Messages:
    26
    Likes Received:
    0
    Actually, this does seem like the best and cleanest solution, let alone easiest to set up. A little of this, a little of that and the zones update each other all in their appropriately named spiffy little DNS zone. I can also see the clarity of entering phxcet.PHX.local as being double surety I'm heading where I want to on a busy day. Yeah....it's a few extra ratta tat tat's on the keyboard but I'll just take another drag off my Pall Mall during the keystrokes. (I really wasn't looking forward to all the custom Host (A) record creation)

    There are no pre-2000 boxes anywhere within the Co. so I've already killed the WINS daemon. I'm also considering axing NetBIOS during the DHCP IP request phase.

    Thanks again to both of you for the guidance
     
