
Connect Workgroup 2012r2 Server to Domain RRAS VPN that uses AD authentication


3 replies to this topic

#1 Conix


Posted 21 October 2016 - 07:01 PM

This is my first post.

Accomplish:

  • Connect Server 2012R2 to Domain VPN so that I can set it up as a RODC.

I currently have my business domain set up with 1 Physical DC, 1 Physical RRAS, 1 Hyper-V Host (for testing whatever) and 5 computers. I have little experience with VPN, so I wanted to learn how to set up a VPN NOT using an all-in-one software solution, even though that might be easier.

RRAS Server:

  1. RRAS is set up to use AD Authentication, DDNS set up for external resolution.
  2. Cisco router ports are open to RRAS and VPN is confirmed working when connecting from a Domain Joined laptop at a remote location. (The laptop was brought to Site A, Joined to Domain, User and Computer were given permissions in AD to dial in.) Then brought back to Site B and VPN works.
  3. Laptop at Site B can use IP or Netbios name resolution and all works just like it should.

So I also have a Windows 2012R2 Server at Site B. It is a fresh install and has nothing configured yet. I want this to be the RODC. I create the VPN connection on the B Server, give it the same settings to connect as the VPN on the laptop, and try to connect. It always fails the connection, saying that

"Error 800: The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly."

I have tried to change the "Type of VPN" from Automatic to SSTP (which is what the laptop shows). I have exported the "Root Certificate" from the DC and imported it into the B Server on the "Machine", not just the "User". I have created an account for the B Server in AD (even though I know it will not help... just thought I would try it).

I have been attempting this for a few days and reading a ton about it on the internet. Maybe it can't be done, but then how else do you get a Workgroup machine to connect to the VPN so that it can join the Domain?

Thank you in advance for your answers.





#2 Sneakycyber


Posted 22 October 2016 - 05:18 PM

Does the VPN require a username and password when setting up the connection, or is it set up to use integrated logon? Did you import the Root Certificate into the Trusted Root Certificate Authority under the Machine account? What happens if you try a PPTP connection? Have you tried the connection from a PC NOT on the domain? To answer your last question: YES, you can set this up and join Workgroup computers to a Domain.

 

 

Edit: Did you configure the Windows Firewall on the server at Site B to allow the VPN connection?


Edited by Sneakycyber, 22 October 2016 - 05:18 PM.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +
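
The client-side checks raised in the reply above (reachability, and whether the machine store trusts the certificate the VPN server presents for SSTP), written in PowerShell as an added example that is not part of the thread. `vpn.example.test` is a placeholder for the name the VPN connection dials.

```powershell
# Added example: run in an elevated PowerShell session on the workgroup server.
# $VpnHost is a placeholder, not a value from the thread.
param([string]$VpnHost = 'vpn.example.test')

# 1. SSTP is carried over TLS on TCP 443; confirm the port answers from this site.
$tcp = Test-NetConnection -ComputerName $VpnHost -Port 443
"TCP 443 reachable: $($tcp.TcpTestSucceeded)"
if (-not $tcp.TcpTestSucceeded) { return }

# 2. Fetch the certificate the server presents. The callback accepts any
#    certificate so it can be inspected; no credentials are sent.
$accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$client = New-Object System.Net.Sockets.TcpClient($VpnHost, 443)
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
try {
    $ssl.AuthenticateAsClient($VpnHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $ssl.RemoteCertificate)
} finally {
    $ssl.Dispose(); $client.Dispose()
}
"Subject:  $($cert.Subject)"
"Issuer:   $($cert.Issuer)"
"Validity: $($cert.NotBefore) to $($cert.NotAfter)"

# 3. Build the chain in machine context ($true), with online revocation checking.
#    A domain-joined client can trust a private CA and reach its CRL in ways
#    a fresh workgroup machine may not.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'Online'
$trusted = $chain.Build($cert)
"Chain trusted by this machine: $trusted"
foreach ($s in $chain.ChainStatus) {
    "  $($s.Status): $($s.StatusInformation.Trim())"
}

# 4. Confirm the top of the chain is in the machine's Trusted Root store,
#    not only in the current user's store.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
"Top of chain: $($top.Subject)"
"Present in LocalMachine\Root: $inMachineRoot"
```

An `UntrustedRoot`, `RevocationStatusUnknown` or `OfflineRevocation` status in step 3 points at certificate trust on the client rather than at the RRAS dial-in permissions.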


#3 Conix


Posted 23 October 2016 - 02:08 PM

Hi Sneakycyber,

 

Yes, the VPN asks for a username and password. I have tried the login information from 3 VPN accounts and all come back the same. Yes, I imported the Root Certificate into the Machine account. When I try a PPTP connection I get the same error. Yes, the connection I am trying is from a Workgroup server 2012r2 to the DOMAIN VPN. The DOMAIN joined laptop I have works on the VPN just fine.

 

I can't seem to get the WORKGROUP Server 2012r2 to Authenticate to join the VPN so that it can join the Domain. I have tried every configuration on the RRAS server I can think of.



#4 Conix


Posted 25 October 2016 - 01:57 PM

I tried a Preshared Key and it still will not connect. At this point I am just going to use a different VPN solution to connect it to the domain and then try the connection again to see if it completes.





