
Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our own AD environment running DNS (running on the DC). The biggest change is that our domain is no longer running DHCP since the new network has its own. Our previous RRAS setup had DirectAccess enabled, but that server is no longer available. The DC we have now was replicating from the old DC.

As part of the move, I set up a new Hyper-V server running Windows Server 2022 which is running on a member server running SQL. That box provided one NIC to the VM server with a static IP set. The VM server also has its own static IP.

I've successfully set up RRAS on the Hyper-V server for Always On VPN with a static IP pool set for the clients (not used by the router). Connecting has not been a problem for client PCs. Both RRAS and the DC recognize the connected user. I verified the RRAS DNS IP address is used by the client.

The problem is on the client PCs: I cannot access anything on our domain via name (neither simple nor FQDN) or IP. For example, connecting to a SQL box gives "The target principal name is incorrect. Cannot generate SSPI context." Trying to RDP to any box does not work. Trying to connect via IP address simply times out. I cannot ping internal IPs either.

I am not sure if I have a basic DNS issue, a GPO issue, or both. Also, I cannot gracefully uninstall Direct Access since the previous RRAS server is not there so that may be the cause.

Thanks for any help.

  • At a minimum, no network connectivity requires providing the network topology and routing tables for an endpoint, the target resource, and the RRAS server.
    – Greg Askew
    Commented Nov 9, 2023 at 15:38
  • It seems you have two problems: 1. name resolution. 2. routing. - What are the VPN clients being assigned for DNS servers? What is acting as the DHCP server for the VPN clients? Is there a route from the VPN IP address space to the internal IP address space?
    – joeqwerty
    Commented Nov 9, 2023 at 16:14
  • @joeqwerty - 1. I'm assuming you mean from the VPN connection itself = the DNS IP from the RRAS server. 2. There is no explicit DHCP server; they are assigned an IP from a static pool from RRAS. 3. The IP address assigned is a 192.168 IP from the pool that would match the same subnet from the main router at the remote site. There is only one NIC on the server to provide connection to the internal network.
    – Mike H
    Commented Nov 9, 2023 at 19:20
  • @GregAskew - I'm not sure entirely what you mean here. The VM server hosting RRAS has only one NIC, so there is no explicit network topology configured outside what the default RRAS setup is. The default IP pool assigns 192.168 IPs to match the subnet of the internal network.
    – Mike H
    Commented Nov 9, 2023 at 19:22
  • @MikeH - OK. If I'm remembering RRAS then I believe what you need to do is to enable LAN Routing in the RRAS server. The VPN clients connect to the RRAS server but that doesn't give them connectivity to the internal network. Also, can you clarify that the VPN clients are assigned the same DNS servers as are assigned to the RRAS server itself and that those DNS servers are the correct DNS servers to resolve your internal hosts.
    – joeqwerty
    Commented Nov 9, 2023 at 19:43
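A client-side check for the three things the comments point at (which DNS servers the tunnel got, whether the internal subnet is routed through the tunnel, and whether anything behind the RRAS host is reachable at all), as an added example that is not from the question or the commenters. The profile name, internal subnet, DC address and DC FQDN are assumptions to be replaced; it also assumes the VPN interface alias equals the profile name, as it does for RAS connections.

```powershell
# Added diagnostic for the situation above; not from the question or its comments.
# Run on a connected Always On VPN client. All values below are assumptions: set them for your site.
$VpnName     = 'Corp AOVPN'          # assumed AOVPN profile name (= tunnel interface alias)
$InternalNet = '192.168.1.0/24'      # assumed internal subnet behind RRAS
$DcIp        = '192.168.1.10'        # assumed DC (internal DNS server) IP
$DcFqdn      = 'dc01.corp.example'   # assumed DC FQDN

$vpn = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
if (-not $vpn -or $vpn.ConnectionStatus -ne 'Connected') {
    Write-Warning "VPN profile '$VpnName' not found or not connected; nothing else is meaningful."
    return
}

# 1. Which DNS servers did RRAS push to the tunnel interface? They must be the internal DNS
#    (the DC), otherwise neither short names nor FQDNs for domain hosts will resolve.
$if  = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4
$dns = (Get-DnsClientServerAddress -InterfaceIndex $if.ifIndex -AddressFamily IPv4).ServerAddresses
"DNS on tunnel : $($dns -join ', ')"
if ($dns -notcontains $DcIp) { Write-Warning "Tunnel is not using $DcIp for DNS." }

# 2. Does traffic for the internal subnet actually leave via the tunnel?
#    Find-NetRoute returns the source address and the chosen route; [-1] is the route.
$route = (Find-NetRoute -RemoteIPAddress $DcIp)[-1]
"Route to $DcIp : $($route.DestinationPrefix) via interface $($route.InterfaceAlias)"
if ($route.InterfaceIndex -ne $if.ifIndex) {
    Write-Warning "$InternalNet is not routed through the VPN interface (check the profile's routes / split tunneling)."
}

# 3. Reachability. ICMP and TCP both timing out on $DcIp while the tunnel is up usually means
#    the RRAS server terminates the tunnel but does not forward (LAN Routing) to the internal NIC.
$ping  = Test-NetConnection -ComputerName $DcIp -InformationLevel Quiet
$dns53 = Test-NetConnection -ComputerName $DcIp -Port 53 -InformationLevel Quiet
"ICMP to DC: $ping   TCP/53 to DC: $dns53"

# 4. Name resolution through the DC, then Kerberos (TCP/88), which the SSPI error depends on.
try {
    $a = Resolve-DnsName -Name $DcFqdn -Server $DcIp -Type A -ErrorAction Stop
    "$DcFqdn resolves to $($a.IPAddress -join ', ')"
    $krb = Test-NetConnection -ComputerName $DcFqdn -Port 88 -InformationLevel Quiet
    "TCP/88 (Kerberos) to DC: $krb"
} catch {
    Write-Warning "Could not resolve $DcFqdn via $DcIp : $($_.Exception.Message)"
}
```

On the RRAS host itself, `Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, Forwarding` shows whether IP forwarding, which enabling LAN Routing turns on, is active on the internal NIC.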
