Enable RRAS as a VPN and I lose RDP

Hello!

Strange problem here! I will give you a quick background.

I have two servers, both are configured as domain controllers. One is
at my house, the other I have racked here at work. I use the one here
at work to test stuff that I dont want to break my network at work.
Even though my two domain controllers are at different sites I want to
set them up to be able to talk and replicate through VPN over the
internet.

I installed RRAS on the one I have here at work and as soon as it
enabled my remote desktop connection to it got dropped and I was no
longer able to connect through remote desktop. Is there a reason
remote desktop would no longer work once RRAS is set up as a VPN?

I guess a side question would be...is that really a good way to do
what I am trying to do? Install VPN on one of them, have the other
connect to it and then set up two sites in AD and schedule
replication?

Thanks in advance!
/Ehren

Never multi-home the DCs. RRAS causes them to be multi-homed because the RRAS
Adapter counts as a "nic".
Create your VPN using separate physical Devices (or computers) from the DCs
using the Site-to-Site VPN model (not Remote Access VPN).

272294 - Active Directory Communication Fails on Multihomed Domain Controllers
http://support.microsoft.com/default...b;en-us;272294
191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default...b;EN-US;191611

Once that part is working properly,...you need to create a "Site" in active
Directory. Each AD Site *must* be a different subnet,...that's why the
Site-to-Site VPN model is important (not Remote Access VPN model). The Sites
object in AD is what controls the Replication over the "slow" VPN link. Without
the Sites Object the replication will have problems with the "slow WAN link".

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------

"Wingnut" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hello!
>
> Strange problem here! I will give you a quick background.
>
> I have two servers, both are configured as domain controllers. One is
> at my house, the other I have racked here at work. I use the one here
> at work to test stuff that I dont want to break my network at work.
> Even though my two domain controllers are at different sites I want to
> set them up to be able to talk and replicate through VPN over the
> internet.
>
> I installed RRAS on the one I have here at work and as soon as it
> enabled my remote desktop connection to it got dropped and I was no
> longer able to connect through remote desktop. Is there a reason
> remote desktop would no longer work once RRAS is set up as a VPN?
>
> I guess a side question would be...is that really a good way to do
> what I am trying to do? Install VPN on one of them, have the other
> connect to it and then set up two sites in AD and schedule
> replication?
>
> Thanks in advance!
> /Ehren
>

How is it exactly when setting up RRAS do you configure it as a site
to site?

As I said this is sort of my "home testing system" where I have one DC
at home and one DC at work for the same domain.

Being that I have these two machines...do you think it would work to
install a virtual machine on each with 2003 and run rras on the
virtual machine to handle the vpn business? In my head it seems like
that would work but I am not sure.

Also I would need to know more on how you specify RRAS to be a site to
site vpn instead of a remote access vpn.

Thanks!

On Jan 29, 3:41 pm, "Phillip Windell" <@.> wrote:
> Never multi-home the DCs. RRAS causes them to be multi-homed because the RRAS
> Adapter counts as a "nic".
> Create your VPN using separate physical Devices (or computers) from the DCs
> using the Site-to-Site VPN model (not Remote Access VPN).
>
> 272294 - Active Directory Communication Fails on Multihomed Domain Controllershttp://support.microsoft.com/default.aspx?scid=kb;en-us;272294
> 191611 - Symptoms of Multihomed Browsershttp://support.microsoft.com/default.aspx?scid=kb;EN-US;191611
>
> Once that part is working properly,...you need to create a "Site" in active
> Directory. Each AD Site *must* be a different subnet,...that's why the
> Site-to-Site VPN model is important (not Remote Access VPN model). The Sites
> object in AD is what controls the Replication over the "slow" VPN link. Without
> the Sites Object the replication will have problems with the "slow WAN link".
>
> --
> Phillip Windell [MCP, MVP, CCNA]www.wandtv.com
>
> The views expressed are my own (as annoying as they are), and not those of my
> employer or anyone else associated with me.
> -----------------------------------------------------
>
> "Wingnut" <wingnut691...@gmail.com> wrote in messagenews:(E-Mail Removed) ooglegroups.com...
>
>
>
> > Hello!
>
> > Strange problem here! I will give you a quick background.
>
> > I have two servers, both are configured as domain controllers. One is
> > at my house, the other I have racked here at work. I use the one here
> > at work to test stuff that I dont want to break my network at work.
> > Even though my two domain controllers are at different sites I want to
> > set them up to be able to talk and replicate through VPN over the
> > internet.
>
> > I installed RRAS on the one I have here at work and as soon as it
> > enabled my remote desktop connection to it got dropped and I was no
> > longer able to connect through remote desktop. Is there a reason
> > remote desktop would no longer work once RRAS is set up as a VPN?
>
> > I guess a side question would be...is that really a good way to do
> > what I am trying to do? Install VPN on one of them, have the other
> > connect to it and then set up two sites in AD and schedule
> > replication?
>
> > Thanks in advance!
> > /Ehren- Hide quoted text -- Show quoted text -

"Wingnut" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> How is it exactly when setting up RRAS do you configure it as a site
> to site?

You use RRAS (or compaible product) at both ends. The RRAS built in Help should
give you the specifics. It requires a double connection (each side calls the
other at the same time). The "calling" side uses the name of the opposite
interface as the "username" to establish the link,...then the RRAS on the other
end does the same thing in the opposite direction. That is how you get the
bi-directional traffic to properly connect two LANs.

The Site-to-Site VPN (aka Router-to-Router VPN) is a completely different VPN
"scheme" then the "Remote Access VPN" which is a single person connecting to a
VPN Server.

I'm pretty sure the RRAS Help has the details plus you can proably find the
details searching MS's site. But I don't personally use RRAS for this and so I
don't have any specific details close at hand.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------