Contributor
January 7, 2006
Question

VPN and Active Directory

I have a basic dial-up VPN setup between my Fortigate 60 and Forticlients for remote users. This issue is probably both VPN and Windows related.

1) When users have machines that are NOT on our Windows domain, they can access resources on our network without a problem. Accessing via IP address is really all we need to be able to do.

2) However, when users have laptops that ARE part of the domain, they get errors when they try to connect via FQDN as well as IP address. When they try to connect via IP address they get a message that says "An error occurred while reconnecting to: 'drive'. Microsoft Windows Network: The local device name is already in use. This connection has not been restored".

Note: The Fortinet support group assisted me with getting the VPN configured and it seems to connect fine. However, we did NOT configure a DHCP relay for the clients, as they said it would not be needed. I also tried editing the hosts files of the laptops to see if that would help them get to resources, but no luck. Any help would be appreciated. Thanks.


    Contributor
    January 17, 2006
    I have much the same problem. I'm using a simple Microsoft PPTP VPN client to connect to a Fortigate-100, which then authenticates against AD using RADIUS. As with the other member, if I connect from a machine not part of the domain I can access shares, etc. But with my laptop that is part of the domain I can't. When the VPN is connected my laptop can't see any domain controllers to authenticate access. Similarly, if when I log on to my laptop I tick the box to use dial-up networking to log on, then connect the VPN before logging on, my laptop can't find the domain controller to authenticate the logon. The odd thing is that this was working at one point.
    UkWizard
    New Member
    January 17, 2006
    Set the workstations' DNS servers to the Domain Controllers; this may resolve it. Microsoft have a security feature in AD whereby the authentication doesn't work when the machine isn't registered into the AD DNS beforehand. This is what you may be experiencing.
    Contributor
    January 19, 2006
    Setting the DNS Server to be the Domain Controller has fixed this. As a slightly better fix, I've now changed the VPN connection as follows (standard Microsoft VPN client): add the Domain Controller as a DNS server, and tick the box that says "Register this connection's addresses in DNS". Doing it this way means that my main DNS servers can remain unchanged. Thanks for the help.
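    The two replies above (point the VPN connection's DNS at the domain controller and register its address in DNS) can be applied and verified from a script. This is an added example, not code from any poster in the thread; it assumes Windows 8 / Server 2012 or later (the DnsClient module), an elevated prompt, and placeholder values for the VPN connection name, the DC's DNS address and the AD domain.

```powershell
# Added example, not from the thread. Assumes the DnsClient cmdlets (Windows 8 /
# Server 2012 or later) and an elevated prompt. All three values are placeholders.
param(
    [string]$VpnAlias = "VPN",           # name of the VPN connection / adapter
    [string[]]$DcDns  = @("10.0.0.10"),  # placeholder: the DC's DNS address(es)
    [string]$Domain   = "corp.example"   # placeholder: the AD DNS domain name
)

# 1. Give only the VPN connection the DC as its DNS server. The physical
#    adapter keeps its usual DNS servers, which is the "slightly better fix"
#    described above.
Set-DnsClientServerAddress -InterfaceAlias $VpnAlias -ServerAddresses $DcDns

# 2. Equivalent of ticking "Register this connection's addresses in DNS", so the
#    laptop's tunnel address is in AD DNS before the domain is asked to
#    authenticate it. Register-DnsClient forces the registration immediately.
Set-DnsClient -InterfaceAlias $VpnAlias -RegisterThisConnectionsAddress $true
Register-DnsClient

# 3. Verify the fix: a domain-joined client locates DCs through the
#    _ldap._tcp.dc._msdcs SRV record. Query it directly against the DC's DNS,
#    then ask the DC locator itself.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
    -Server $DcDns[0] -ErrorAction Stop
$srv | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize
nltest /dsgetdc:$Domain /force
```

    If the SRV query succeeds but nltest still fails, the tunnel is not passing the DC locator traffic (LDAP/Kerberos) rather than the DNS settings being wrong, which separates the two causes discussed in this thread.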
    Contributor
    January 30, 2006
    Still don't quite have it on this end. First, our domain controller is the DNS server. I tried manually changing the DNS in the network properties, and that didn't seem to fix it. Also, many of the users are non-technical and would never be able to figure out how to manually change the DNS server within the TCP/IP properties. I posted a question on the Microsoft TechNet site regarding this issue also. When I hear something I'll post back.