client login to domain controller behind VPN appliance - possible?


Todd H.

Greetings,

I'm new to Windows Server 2003, but been around computing for quite a
while. I'm contemplating a centralized profile solution for two mobile
users (we hope to grow eventually to 5-10).

For our mobile, dispersed workforce, I'm a dedicated Windows 2003
server externally hosted, and (hopefully) accessible behind a managed
non-microsoft VPN appliance. This vpn appliance uses its own client
software to connect.

My question is whether/how an XP Pro client would initially login to
the domain... because they'll need to login to their workstation first
to launch the vpn client to be able to see the win2003 server at all.


Is this a situation where the initial connection to the domain must be
on the LAN so the profile can be pulled down from the domain
controller?

Thanks in advance for any help or pointers to documentation -- my
searching at microsoft.com for info on this setup has not been
fruitful (lots of talk about ISA server and microsoft VPN's). If what
I'm trying to accomplish is irretrievably screwed, I'd also welcome
alternative setup suggestions!

Best Regards,
--
Todd H.
http://toddh.net/
 
> Is this a situation where the initial connection to the domain must be
> on the LAN so the profile can be pulled down from the domain
> controller?


Yes.

After that they can log into the domain with cached credentials.


hth
DDS

"Todd H." <comphelp@toddh.net> wrote in message
news:84wsxdz5ct.fsf@ripco.com...
>
> Greetings,
>
> I'm new to Windows Server 2003, but been around computing for quite a
> while. I'm contemplating a centralized profile solution for two mobile
> users (we hope to grow eventually to 5-10).
>
> For our mobile, dispersed workforce, I'm a dedicated Windows 2003
> server externally hosted, and (hopefully) accessible behind a managed
> non-microsoft VPN appliance. This vpn appliance uses its own client
> software to connect.
>
> My question is whether/how an XP Pro client would initially login to
> the domain... because they'll need to login to their workstation first
> to launch the vpn client to be able to see the win2003 server at all.
>
>
> Is this a situation where the initial connection to the domain must be
> on the LAN so the profile can be pulled down from the domain
> controller?
>
> Thanks in advance for any help or pointers to documentation -- my
> searching at microsoft.com for info on this setup has not been
> fruitful (lots of talk about ISA server and microsoft VPN's). If what
> I'm trying to accomplish is irretrievably screwed, I'd also welcome
> alternative setup suggestions!
>
> Best Regards,
> --
> Todd H.
> http://toddh.net/
 
"Danny Sanders" <DSanders@NOSPAMciber.com> writes:

> > Is this a situation where the initial connection to the domain must be
> > on the LAN so the profile can be pulled down from the domain
> > controller?

>
> Yes.
>
> After that they can log into the domain with cached credentials.
>
> hth
> DDS


Unfortunately that's not what I was hoping to hear. Surely there's
some way around this?

The (common?) scenario where this is troublesome is when domain
controller is in, say New York, new remote employee is in LA, and
there's no permanent office network to speak of--just remote vpn
access via the third party vpn client.

Creating a site to site VPN would be one possible workaround I
suppose. Or, having initial setup of that employee's workstation
done on the LAN in New York....

Does the caching of the credentials not occur when an XP Pro box is
joined to a domain (while logged into the local user account?)? Or
does it happen on the first login of that new domain user to the
domain?

Best Regards,
--
Todd H.
http://www.toddh.net/
 
Todd H. <comphelp@toddh.net> wrote:
> "Danny Sanders" <DSanders@NOSPAMciber.com> writes:
>
>>> Is this a situation where the initial connection to the domain must
>>> be on the LAN so the profile can be pulled down from the domain
>>> controller?

>>
>> Yes.
>>
>> After that they can log into the domain with cached credentials.
>>
>> hth
>> DDS

>
> Unfortunately that's not what I was hoping to hear. Surely there's
> some way around this?
>
> The (common?) scenario where this is troublesome is when domain
> controller is in, say New York, new remote employee is in LA, and
> there's no permanent office network to speak of--just remote vpn
> access via the third party vpn client.
>
> Creating a site to site VPN would be one possible workaround I
> suppose. Or, having initial setup of that employee's workstation
> done on the LAN in New York....
>
> Does the caching of the credentials not occur when an XP Pro box is
> joined to a domain (while logged into the local user account?)?


No.

> Or
> does it happen on the first login of that new domain user to the
> domain?


Yes.
>
> Best Regards,


If this is a laptop, configure it in New York and ship it out to LA. The
domain user has to have logged in once (with connectivity to a DC) in order
for them to be able to log in at all with cached credentials.

What's the point of joining the computer to the domain if they're never (or
v rarely) going to be on a network with a DC? I wouldn't.
 