none
Remote users not able to access local file server

    Question

  • Hi

    i have 2 remote office without local domain controller, all the users are connected to the central domain controller in another location.

    However when the VPN disconnects, users are not able to access their local file servers. is there some one to help me solving this issues.

    Technical info

    Single domain, Forest WIndows 2003 mode 

    Windows 2008 R 2 Domain controller in Main Datacenter.

    Windows 7 and XP users at remote office users

    Windows 2008 file server locally installed at remote office


    DEPA

    Thursday, June 14, 2012 11:25 AM

Answers

  • Hello, 

    When VPN disconnects, there is no communication between central office and remote office locations. So, no communication between DC and client systems and users are not authenticated by DC, it leads a problem in accessing file server.

    I suggest you configure another DC/DNS/GC server in other 2 locations or configure network redundancy at 3 locations.

    Please go through below two articles while configuring DCs at remote site/locations.



    Regards, Ravikumar P

    • Proposed as answer by Tiger Li Monday, June 18, 2012 3:06 AM
    • Marked as answer by Sha4U Monday, June 18, 2012 4:43 AM
    Sunday, June 17, 2012 12:52 PM
  • Hi,

    Thanks for posting here.

    Domain computers and users need to connect with domain controller to complete the authentication during the accessing process. So once the connectivity is no longer available then they will not be able to access with each other anymore.

    Kerberos Explained

    http://technet.microsoft.com/en-us/library/bb742516.aspx

    Please following what Ravikumar suggested to deploy a domain controller at remote site with setting “Active Directory Sites and Services” in domain system in case the issue you encountered reproduces in future .

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    • Marked as answer by Sha4U Monday, June 18, 2012 4:43 AM
    Monday, June 18, 2012 3:05 AM

All replies

  • Hello, 

    When VPN disconnects, there is no communication between central office and remote office locations. So, no communication between DC and client systems and users are not authenticated by DC, it leads a problem in accessing file server.

    I suggest you configure another DC/DNS/GC server in other 2 locations or configure network redundancy at 3 locations.

    Please go through below two articles while configuring DCs at remote site/locations.



    Regards, Ravikumar P

    • Proposed as answer by Tiger Li Monday, June 18, 2012 3:06 AM
    • Marked as answer by Sha4U Monday, June 18, 2012 4:43 AM
    Sunday, June 17, 2012 12:52 PM
  • Hi,

    Thanks for posting here.

    Domain computers and users need to connect with domain controller to complete the authentication during the accessing process. So once the connectivity is no longer available then they will not be able to access with each other anymore.

    Kerberos Explained

    http://technet.microsoft.com/en-us/library/bb742516.aspx

    Please following what Ravikumar suggested to deploy a domain controller at remote site with setting “Active Directory Sites and Services” in domain system in case the issue you encountered reproduces in future .

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    • Marked as answer by Sha4U Monday, June 18, 2012 4:43 AM
    Monday, June 18, 2012 3:05 AM
  • Hi Tiger

    the one you are refering to is for Windows 2000, is there any enhancements in 2008 R2 and windows 7.


    DEPA

    Monday, June 18, 2012 4:52 AM
  • thanks a lot

    how about the Branch cache,

    also we need DC if we implement Branch Cache


    DEPA

    Monday, June 18, 2012 4:53 AM
  • Hi,

    Thanks for update.

    We may refer to the link below to acquire the new improvements in Windows server 2008 R2 :

    Active Directory Domain Services for Windows Server 2008 R2

    http://technet.microsoft.com/en-us/library/dd378801(WS.10).aspx

    However , the basic authentication mechanism in new platform is same as what in previous versions .

    Designing the Site Topology for Windows Server 2008 AD DS

    http://technet.microsoft.com/en-us/library/cc772013(WS.10).aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Monday, June 18, 2012 5:13 AM
  • thanks for the your quick response.

    is there any other way that we can cache the credetials on the file server and keep the data access intact.


    DEPA

    Monday, June 18, 2012 5:22 AM
  • Hi,


    Thanks for update.

    I’m afraid there is no other way but consider to deploy an additional domain controller at branch site and configure it to replicate with DC at central site like what we suggested previously .

    We also have new read-only domain controllers feature in Windows Server 2008 which will help to secure our domain system at branch:

    Read-Only Domain Controller Planning and Deployment Guide

    http://technet.microsoft.com/en-us/library/cc771744(WS.10).aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Monday, June 18, 2012 5:36 AM