|12 Jan 2010||#1|
| || |
Domain VPN / Map Drive Issue
I've got a Windows 7 Pro OS (64bit); connected and authenticated on the works domain (ipv4.dnsName = company.local). Inside the network (same physical switches); i can logon and map network drives to every share perfectly (part of the logon script for all users).
>net use X:\ \\company.local\DFSSHARE\VOLUMEWindows XP Pro uses the same command too and works also on site.
Taking the machines off site; we allocate users (esp laptop users) with a dedicated VPN (host-site virtual connection). again as part of the logon script drives are mapped. Windows XP users can remotely connect the VPN and logon; mapping all drives successfully.
However; windows 7 users; have to logon, connect the VPN, and re-attempt the map drives script (erroring). the VPN is perfect; outlook connects to our mailserver, we can ping every host, and even browse to see a list of machines. (yeah all firewalls turned off including hardware and software ones)
Usign a VPN on Win 7; Once logged in; I use the same VPN setup as XP; forcing the DHCP IP; but Fixing DNS (firewall doesn't announce them, but thats a seperate issue). that's it.
using the following on windows 7 pro and ultimate remotely (logged no as a network user) i get:
>net use X:\ \\company.local\DFSSHARE\VOLUMEAll off our company's mapped drives are inside this DFS structure (for redundency etc etc). And we cannot map to it.
From memory the DNS name "company.local" points to both domain controllers (dc-01 and dc-02); however when browsing the SMB shares; it looks up Active Directory DFS roots for "comapny.local" and displays all content.. again for Win XP Pro this is not a problem; just Windows 7. it's even worked on Windows Vista in the past so it's something new.
Has anyone got any ideas?
I have 4 machines now with this issue (needed in production yesterday); and expected to be getting more laptops sometime soon; so any help people can provide would be greatly appreciated.
|My System Specs|
|13 Jan 2010||#2|
| || |
Progress but not a complete fix.
It looks like Windows 7 (excluding the VPN) removes the DNS suffix from it's TCP NetBios name when it's assigned an IP from any other DHCP server (except works). So connecting to a 'home' wifi; allocates it's IP perfectly; and sets the DNS suffix to null.
Right that means that when the VPN is connected; the network adapter is set to have a fixed DNS suffix...
the dns suffic is "domain.local". (it works for Win XP, why should Win 7 be any different).
So... if i specify a set of ping commands locally (on the works LAN).
PING MAIL > successfully resolves mailservername.domain.local as the FQDN... and success,
on the VPN...
PING MAIL > suggessfully resolves (after a bit of a delay)... mailservername.domain.local as the FQDN... and again success.
PING MAIL.DOMAIN.LOCAL > response from mailservername.domain.local... perfect!
so DNS lookups take time and do work...unless you put the DNS suffix in... logical
Right... the penultimate problem still remains though...
The domain controllers share a common name (the domain name = "domain.local").
PING DOMAIN.LOCAL > resolves the FQDN as DOMAIN.LOCAL > response from the primary DC - success.
on the VPN:
PING DOMAIN.LOCAL > no FQDN resolved... DNS times out... no response...
Windows 7 cannot locate the FQDN for DOMAIN.LOCAL; but only through a VPN interface... looks like it only checks the Primary Network Adapter's DNS servers... because they are definately set.
god this is getting complicated...
|My System Specs|
|Similar help and support threads for2: Domain VPN / Map Drive Issue|
|DNS Issue - Can't use domain names for websites only the IP Address||Network & Sharing|
|VPN Network Shared Drive Error Domain/Non-Domain Differences||Network & Sharing|
|Domain issue||Network & Sharing|
|Own domain 'junk' issue||Browsers & Mail|
|Domain Join issue||Network & Sharing|
|Double login issue on domain||Network & Sharing|
|Media sharing issue (On a domain)||Network & Sharing|