Logon VPN
Can't run logon scripts - Can't access roaming profiles and home folders
Can't run logon script by using VPN
How to authenticate a remote client to the DC
How to limit VPN user logon time
VPN logon using NT logon ID and password
Can't run logon scripts - Can't access roaming profiles and home folders
Symptoms:
1. A VPN client can't run the logon scripts and can't access group policies,
roaming profiles, and home folders.
2. You may receive the following event: Event ID 5719 - No Windows NT or
Windows 2000 domain controller is available for domain {domain name} the
following error occurred: There are currently no logon servers available to
service the logon request.
3. When checking ipconfig, you may find that the client is configured to
use p-node or m-node for NetBIOS name resolution. Note: This node type may
have been set manually, or through a Dynamic Host Configuration Protocol
(DHCP) lease that sets DHCP option 46.
Resolutions: This problem is a result of a timing issue that prevents the
RAS client from locating a logon server.
1. Apply the latest SP.
2. You can work around this problem by using hybrid mode.
Can't run logon script by using VPN
Symptoms: When trying to log on to a domain from a W2K/XP VPN client, you
may not be able to run the logon script or access group policies, roaming
profiles, and home folders. The following event may also be logged in the
System event log: "Event ID 5719
No Windows NT or Windows 2000 domain controller is available for domain
{domain name} the following error occurred: There are currently no logon
servers available to service the logon request." This problem occurs only
if the client is configured to use p-node or m-node for NetBIOS name
resolution. This node type may have been set manually, or through a Dynamic
Host Configuration Protocol (DHCP) lease that sets DHCP option 46.
Resolutions:
1) You can run regedit to change NetBIOS name resolution to hybrid mode.
2) Or download the latest service pack for Windows 2000.
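
The node-type check from the symptoms and the registry change to hybrid mode, as an added example that is not from the original page. It assumes PowerShell 3.0 or later is available on the client and uses the NetBT NodeType and DhcpNodeType registry values (1 = b-node, 2 = p-node, 4 = m-node, 8 = h-node).

```powershell
# Added example (not from the original page): report the NetBIOS node type
# and, with -Fix, set hybrid mode. Run from an elevated prompt.
param([switch]$Fix)

# Standard NetBT parameter key (assumed unchanged on the client).
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$names = @{ 1 = 'b-node (broadcast)'; 2 = 'p-node (peer-to-peer)'
            4 = 'm-node (mixed)';     8 = 'h-node (hybrid)' }

function Get-NetBiosNodeType {
    $p = Get-ItemProperty -Path $key -ErrorAction Stop
    # A manual NodeType overrides DhcpNodeType (the value from DHCP option 46).
    if ($null -ne $p.NodeType) {
        $value = [int]$p.NodeType;     $source = 'NodeType (set manually)'
    } elseif ($null -ne $p.DhcpNodeType) {
        $value = [int]$p.DhcpNodeType; $source = 'DhcpNodeType (DHCP option 46)'
    } else {
        $value = 0;                    $source = 'no value set (system default)'
    }
    $name = $names[$value]
    if (-not $name) { $name = 'default or unrecognized' }
    [pscustomobject]@{ Value = $value; Name = $name; Source = $source }
}

$current = Get-NetBiosNodeType
'Node type: {0} from {1}' -f $current.Name, $current.Source

if ($current.Value -in 2, 4) {
    'p-node or m-node: the configuration tied to Event ID 5719 over VPN.'
    if ($Fix) {
        # 8 = hybrid. A manual NodeType takes precedence over DHCP option 46.
        Set-ItemProperty -Path $key -Name NodeType -Value 8 -Type DWord
        'NodeType set to 8 (hybrid). Restart the client for it to take effect.'
    } else {
        'Re-run with -Fix to set NodeType to 8 (hybrid).'
    }
}
```

If the reported source is DhcpNodeType, changing option 46 on the DHCP scope corrects every client that takes a lease from it, rather than one machine at a time.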
How to authenticate a remote client to the DC
1. Set up a site-to-site VPN.
2. Use "Log on using dial-up connection".
How to limit VPN user logon time
1. If you have a domain controller, set up Logon Hours under AD Users and
Computers.
2. Use a Remote Access Policy to set up access time (see attached).
3. Use the net user command line to restrict logon hours.
VPN logon using NT logon ID and password
To let a user log on from VPN using the same NT logon ID and password, you
can 1) set up the VPN user ID and password to be the same as the NT ID and
password; or 2) authenticate to a RADIUS server and then point to the NT
domain server for PPTP user authentication.