Thank you for the tips.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Kevin Cotreau" <(E-Mail Removed)> wrote in message news:(E-Mail Removed). ..
Hi All,
I recently had the need for two member servers at a hosted location to be
joined to the domain, one of which was a Terminal Server. If the TS
rebooted, and the VPN had not been started manually, no domain user would be
able to log in since the domain controller would not be available. Also
there was the problem with the user who started the VPN could log out and
kill the VPN connection. I looked in vain for a third-party VPN client that
could do this and I couldn't find a solution spelled out for me, so I am
trying to do that now for others.
Personally, I would also suggest putting a domain controller at the hosted
location, but that was not an option for us, so I had to come up with
something different.
The 4 basic steps are to create the VPN connection, turn it into a batch
file, set up the batch file to run as a service, and set the registry to
maintain the connection when the user logs out.
Here is what I did in great detail, but it is easier than it looks.
1) I created my RAS VPN connection, named ABCVPN, for example. For ease in
making the following batchfile, name it something with NO spaces.
2) Test it by connecting.
3) I then created a batch file named ABCVPN.bat with just the following
command in it: "rasdial ABCVPN username password" but without the quotes.
4) Go to a command prompt so you can see any errors and run the batch file
to test connect again.
5) Copy it to a safe place like c:\windows\system32
6) Download the Windows 2003 Resource kit and install it to a directory with
NO spaces, not the default in "C:\Program Files". Use C:\RESOURCEKIT, as I
will use it for the rest of the document. This is very important. If you
have already installed it to the default directory C:\Program Files\Windows
Resource Kits\Tools, copy the srvany.exe instsrv.exe utilities to a temp
directory like C:\RESOURCEKIT. The reason is that instsrv.exe does not
correctly read the standard format of putting a directory in quotes as in
this command: ' instsrv VPN "C:\Program Files\Windows Resource
Kits\Tools\srvany.exe" ' (without the single quotes) and will return the
error: "The fully qualified path to the .EXE must be given".
7) Open a command prompt and change to the directory where you installed the
Windows 2003 resource kit, in this case, C:\RESOURCEKIT.
8) From that directory, install the VPN as a service with the following
command "instsrv VPN C:\RESOURCEKIT\srvany.exe." without the quotes around
it. This should return "The service was successfully added!" Next we have to
configure the new VPN service.
9) Open the Registry editor to the
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\VPN] key.
10) Right-click on the VPN key and do "New>Key" and name it Parameters ..
11) Expand the new Parameters key and in the right pane right-click and do
"New>String Value" and name it Application .
12) Double-click your new "Application" key and enter
c:\windows\system32\ABCVPN.bat and save it. The service is now ready to run.
13) Test run it from within the Control Panel>Administrator Tools>Services
MMC. You will see the service VPN now listed and you can start it.
14) Lastly you need to add one more registry entry to keep the connection
persistent so it won't be lost by logging out. Go to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon registry key. Right-click and do "New>String
Value" and name it KeepRasConnections (this is possibly case sensitive, so
beware).
15) Double-click the new KeepRasConnections key and set the value to 1 and
save it. Details of these last two steps can be found in Microsoft Knowledge
Base articles 158909 and 897040,
I hope this helps someone.
Kevin Cotreau
MCSE+I, MCNE, et al.
Similar Threads
Linear Mode
