Branch Office Issues

I am new to IT so please bear with me. Inherited network setup:

HQ:
SBS2k3 Standard SP1: DC, DNS, DHCP, Exchange
Win2k SP4: File, Custom App Server1 (synchronizing with Branch's Custom App
Server2)
15 workstations, all XPsp2

Branch:
Win2k3 R2 Standard SP2: Backup DC (replica of HQ's SBS2k3), DNS, DHCP, File
Win2k SP4: Custom App Server2 (synchronizing with HQ's Custom App Server1)
35 workstations, mix of XP and 2k.

Network domain: domain.companyname.local
HQ: 10.1.1.x
Mask: 255.255.255.0

Branch: 10.1.2.x
Mask: 255.255.255.0

The branch office is across the street from HQ connected via site-to-site
vpn courtesy of two 3Com routers.

Immediate problem:
None of the workstations at Branch can browse the network although I can map
drives, create shortcuts, and gain access to shared drives using
\\server\share. Attempting to browse the network yields the following error:
"Domain is not available. You might not have permission to use this network
resource. Contact the administrator of this server to find out if you have
access permissions. The list of servers for this workgroup is currently not
available."

All of the workstations at HQ can browse the network. I'm logged in as
domain administrator. Do I need a Wins server at the branch office? Is this a
NetBios issue? Does the fact that the error says "...WORKGROUP is currently
not available" relevant? The workstations are joined to the domain.

Other questions:
1. How can I tell which DC is authenticating HQ/Branch users?
2. Traffic between HQ and Branch is slow, is that an inherent limitation of
vpn connections? Will better quality equipment increase traffic speed?
3. Most (maybe all) Outlook 2k3 at the branch office routinely
disconnect/connect from the Exchange server at HQ multiple times daily, is
this because of the slow vpn?
4. Is the domain/IP address setup of the network appropriate for our
environment?

I know this is a lot but I'm trying to get a handle on what is wrong with
our network and hopefully get it to optimal.

Thank you.

"it-al" <(E-Mail Removed)> wrote in message
news:94B5F659-676A-4805-8C9A-(E-Mail Removed)...
>I am new to IT so please bear with me. Inherited network setup:
>
> HQ:
> SBS2k3 Standard SP1: DC, DNS, DHCP, Exchange
> Win2k SP4: File, Custom App Server1 (synchronizing with Branch's Custom
> App
> Server2)
> 15 workstations, all XPsp2
>
> Branch:
> Win2k3 R2 Standard SP2: Backup DC (replica of HQ's SBS2k3), DNS, DHCP,
> File
> Win2k SP4: Custom App Server2 (synchronizing with HQ's Custom App Server1)
> 35 workstations, mix of XP and 2k.
>
> Network domain: domain.companyname.local
> HQ: 10.1.1.x
> Mask: 255.255.255.0
>
> Branch: 10.1.2.x
> Mask: 255.255.255.0
>
> The branch office is across the street from HQ connected via site-to-site
> vpn courtesy of two 3Com routers.
>
> Immediate problem:
> None of the workstations at Branch can browse the network although I can
> map
> drives, create shortcuts, and gain access to shared drives using
> \\server\share. Attempting to browse the network yields the following
> error:
> "Domain is not available. You might not have permission to use this
> network
> resource. Contact the administrator of this server to find out if you have
> access permissions. The list of servers for this workgroup is currently
> not
> available."
>
> All of the workstations at HQ can browse the network. I'm logged in as
> domain administrator. Do I need a Wins server at the branch office? Is
> this a
> NetBios issue? Does the fact that the error says "...WORKGROUP is
> currently
> not available" relevant? The workstations are joined to the domain.
>
> Other questions:
> 1. How can I tell which DC is authenticating HQ/Branch users?
> 2. Traffic between HQ and Branch is slow, is that an inherent limitation
> of
> vpn connections? Will better quality equipment increase traffic speed?
> 3. Most (maybe all) Outlook 2k3 at the branch office routinely
> disconnect/connect from the Exchange server at HQ multiple times daily, is
> this because of the slow vpn?
> 4. Is the domain/IP address setup of the network appropriate for our
> environment?
>
> I know this is a lot but I'm trying to get a handle on what is wrong with
> our network and hopefully get it to optimal.
>
> Thank you.


Yes, you need WINS to browse a segmented network. The browser service
works on Netbios names and broadcasts and these do not cross routers or WAN
links. It doesn't matter which site you install the WINS server in, but all
machines in both sites should be WINS clients.

You control which DC authenticates which clients by using Sites in AD.
You assign an IP subnet to each site and machines will authenticate to the
DC in their local site.

VPN is slow, but there are ways to minimise the amount of traffic that
has to cross the link. DNS lookup will be faster if you have a DNS server in
each site which is a secondary for the DNS in the other site. Make sure that
the clients are actually using the app server in the local site, not the one
across the VPN link.l

"Bill Grant" wrote:

Yes, you need WINS to browse a segmented network. The browser service
> works on Netbios names and broadcasts and these do not cross routers or WAN
> links. It doesn't matter which site you install the WINS server in, but all
> machines in both sites should be WINS clients.
>
> You control which DC authenticates which clients by using Sites in AD.
> You assign an IP subnet to each site and machines will authenticate to the
> DC in their local site.
>
> VPN is slow, but there are ways to minimise the amount of traffic that
> has to cross the link. DNS lookup will be faster if you have a DNS server in
> each site which is a secondary for the DNS in the other site. Make sure that
> the clients are actually using the app server in the local site, not the one
> across the VPN link.l

Bill,

Thanks for the response. I'll go ahead and configure the Branch workstations
as WINS clients. I can do this by adding the IP address of the WINS server in
the DHCP options right?

Thanks for the info on controlling which DC clients authenticates to, I
didn't know that was possible.

The clients are actually using the local site's app so only database
replication takes place at scheduled intervals. I think exchange to outlook
traffic is the only "heavy" traffic going on between each site.

Thanks again.

Would A terminal server setup not be handy here?

"it-al" <(E-Mail Removed)> wrote in message
news:FC7533CF-5B1D-4DD2-99DD-(E-Mail Removed)...
>
>
> "Bill Grant" wrote:
>
> Yes, you need WINS to browse a segmented network. The browser service
>> works on Netbios names and broadcasts and these do not cross routers or
>> WAN
>> links. It doesn't matter which site you install the WINS server in, but
>> all
>> machines in both sites should be WINS clients.
>>
>> You control which DC authenticates which clients by using Sites in
>> AD.
>> You assign an IP subnet to each site and machines will authenticate to
>> the
>> DC in their local site.
>>
>> VPN is slow, but there are ways to minimise the amount of traffic
>> that
>> has to cross the link. DNS lookup will be faster if you have a DNS server
>> in
>> each site which is a secondary for the DNS in the other site. Make sure
>> that
>> the clients are actually using the app server in the local site, not the
>> one
>> across the VPN link.l
>
> Bill,
>
> Thanks for the response. I'll go ahead and configure the Branch
> workstations
> as WINS clients. I can do this by adding the IP address of the WINS server
> in
> the DHCP options right?
>
> Thanks for the info on controlling which DC clients authenticates to, I
> didn't know that was possible.
>
> The clients are actually using the local site's app so only database
> replication takes place at scheduled intervals. I think exchange to
> outlook
> traffic is the only "heavy" traffic going on between each site.
>
> Thanks again.

"Michael M." wrote:

> Would A terminal server setup not be handy here?

I'm not sure if a terminal server will come in handy. At this point the only
traffic running across the vpn is smtp and database replication for the
custom app and even those will eventually be replaced by rpc/http and a web
version of the current app, sharepoint will take care of what little document
exchange goes on between the two sites.

The only thing I can think of that we might want to do with our vpn at point
is use it for cross-offsite-backup. But, that connection might be too slow.

"Bill Grant" wrote:

> Yes, you need WINS to browse a segmented network. The browser service
> works on Netbios names and broadcasts and these do not cross routers or WAN
> links. It doesn't matter which site you install the WINS server in, but all
> machines in both sites should be WINS clients.
>
> You control which DC authenticates which clients by using Sites in AD.
> You assign an IP subnet to each site and machines will authenticate to the
> DC in their local site.
>
> VPN is slow, but there are ways to minimise the amount of traffic that
> has to cross the link. DNS lookup will be faster if you have a DNS server in
> each site which is a secondary for the DNS in the other site. Make sure that
> the clients are actually using the app server in the local site, not the one
> across the VPN link.l

I decided to add a WINS server at the branch office and configured it to
replicate with the HQ server. I can browse the network now and everything
looks good. Thanks!

I have the same problem theat exchange intrupted many times during working
through Internet-VPN connection, but when I upgrade the speed this problem
terminated. so intruption taks place due to VPN speed

"it-al" wrote:

> I am new to IT so please bear with me. Inherited network setup:
>
> HQ:
> SBS2k3 Standard SP1: DC, DNS, DHCP, Exchange
> Win2k SP4: File, Custom App Server1 (synchronizing with Branch's Custom App
> Server2)
> 15 workstations, all XPsp2
>
> Branch:
> Win2k3 R2 Standard SP2: Backup DC (replica of HQ's SBS2k3), DNS, DHCP, File
> Win2k SP4: Custom App Server2 (synchronizing with HQ's Custom App Server1)
> 35 workstations, mix of XP and 2k.
>
> Network domain: domain.companyname.local
> HQ: 10.1.1.x
> Mask: 255.255.255.0
>
> Branch: 10.1.2.x
> Mask: 255.255.255.0
>
> The branch office is across the street from HQ connected via site-to-site
> vpn courtesy of two 3Com routers.
>
> Immediate problem:
> None of the workstations at Branch can browse the network although I can map
> drives, create shortcuts, and gain access to shared drives using
> \\server\share. Attempting to browse the network yields the following error:
> "Domain is not available. You might not have permission to use this network
> resource. Contact the administrator of this server to find out if you have
> access permissions. The list of servers for this workgroup is currently not
> available."
>
> All of the workstations at HQ can browse the network. I'm logged in as
> domain administrator. Do I need a Wins server at the branch office? Is this a
> NetBios issue? Does the fact that the error says "...WORKGROUP is currently
> not available" relevant? The workstations are joined to the domain.
>
> Other questions:
> 1. How can I tell which DC is authenticating HQ/Branch users?
> 2. Traffic between HQ and Branch is slow, is that an inherent limitation of
> vpn connections? Will better quality equipment increase traffic speed?
> 3. Most (maybe all) Outlook 2k3 at the branch office routinely
> disconnect/connect from the Exchange server at HQ multiple times daily, is
> this because of the slow vpn?
> 4. Is the domain/IP address setup of the network appropriate for our
> environment?
>
> I know this is a lot but I'm trying to get a handle on what is wrong with
> our network and hopefully get it to optimal.
>
> Thank you.

Ahmad,

Did you do any kind of "tweaking" to boost the speed on your routers or did
you have to replace them altogether? Although I think going the rpc/http
route will mitigate that problem without investing in additional hardware
(right? someone pls correct me if I'm wrong) I'd still like to know you did
it.

"ahmad" wrote:

> I have the same problem theat exchange intrupted many times during working
> through Internet-VPN connection, but when I upgrade the speed this problem
> terminated. so intruption taks place due to VPN speed