VPN Stability Router-Router SBS 2k3 STD 1 Nic Setup

I can find no guides on the internet to configure sbs for a hardware, router
to router vpn on a single nic.
I have cobbled a setup which uses this but the problem is the connection is
dropping regualry and is pretty unstable.

Issues,
Outlook connection to exchange dropping.
Long log in times, applying user settings. (upto 10min)
Error's in remote workstation logs.
Unable to access remote office shares from main office (ping is fine)

I have basically configured the hardware router vpn link and connect the
computer through this to the domain. However I also needed to manually add
the wins server to each client for it to talk properly.

These are the error messages in the logs I am receiving
MRxSmb 3019
LSASRV 40960
LSASRV 40961
NETLOGON 5719
NETLOGON 5783

MAIN SERVER
====================================
Windows IP Configuration

Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : Henshaws.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Henshaws.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC320i PCIe Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-1A-4B-0A-8F-4A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1

Remote Workstation Configuration
=========================

Host Name . . . . . . . . . . . . : RWORKSTATION1
Primary Dns Suffix . . . . . . . : Henshaws.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Henshaws.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DM Gigabit Network
Con
nection
Physical Address. . . . . . . . . : 00-0F-FE-51-52-60
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.2.1
DHCP Server . . . . . . . . . . . : 10.0.2.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : 28 November 2007 21:26:01
Lease Expires . . . . . . . . . . : 29 November 2007 21:26:01

Please please help !..... this has been on going for too long and is
disrupting there work severly.

Do I need to add a subnet range on the server for the 10.0.2.1 ?

Thank you in advance for any help you can provide.

- Paul

 

Hi Paul:

Inet VPN, router to router or not, is problematic in some parts of the
world. The class of service can make a world of difference. If you have
768 down and 128 up, you effectively have 128 between the two.

This sounds like although you did not say, a home office - branch office.
Can you confirm that we are discussing this? Or something else?

 

To clarify, I meant "central office", not a "office at home".

 

Hi Larry,
The remote office is a branch office with three windows xp pro workstations
routed through the single vpn. The upload speed is 450 at both sites.

 

Is there a DC in the remote office? If yes, is it also a GC server?

 

Nope just the workstations present.

Bit Tired... forgot to say thank you last time !

 

Ok as you have probably guessed, your difficulties are (probably, and
lacking any other information) due to the latency of the internet and slow
connection speeds.

I would probably not do what you are attempting. I would either put a DC/gc
in the branch office, which will help your login times, or a TS in the main
office and use RWW. I prefer the latter.

The connection to exchange is problematic for the same reason. RPC Over
HTTP is less problematic.

http://office.microsoft.com/en-us/ork2003/HA011402731033.aspx

The most difficult to overcome without a TS is opening shares on the remote
with VPN. This is slow enough with one user, with 3 it must be like
watching paint dry, and worse, it never quite dries.

I don't have any good advice on this one except to install a TS at the main
office and use RWW to the TS.

Or get faster inet connections.

 

The data traffic is quote small, only the odd file between the server and
clients now and again. I setup a test terminal server in our office, as I
have not had chance to try these out - one concern is that they often print
large A3 graphics to a local printer in the office - would this be feasible
over terminal services as I guess the data would be coming from the main
office via broadband ?
The other problem is that they upload camera files and not sure how this
would work with a ts.

May main worry with the VPN is that I don't have reverse access to the
Remote workstations from the main office.... have I missed a configuration
step here ?

I did try setting Outlook via the internet... will try again with that.

I don't think they would like the idea of putting a server in their office
and I'm not sure how to configure a second server with sbs as I have never
attempted that before, but this may be the only answer if TS doesnt help.

Thank you for your comments.

 

Hi Paul:

Just to be clear, I am suggesting a TS in the main office.

Printing across a VPN or RWW is the same... you have to tell Windows how to
format the output and where to send it. So the driver has to be on both the
TS server and the local system, and the names must match.

File transfer can be accomplished a lot of ways. Photos, as any junior high
kid will tell you, go in email pretty well.

But, when you start an rww session you are given the opportunity to enable
file transfers and to enable remote printing.

Works very well.

Lanwench does not like "rogue print drivers" on servers, TS or other kinds),
but I have not had any problems.