1. I have only one user on the remote LAN because she works from her home.
Definitely not worth setting up another server.
2. I know my method works, because I have another client who has a T-1 at
their host site (35 LAN stations) with two remote sites on < 1Mb DSL's and 4
remote LAN stations each. The remote users are able to work without a
problem, other than the obvious delay opening files from the shared folders
on the DC. The difference in my current case may be that the host site has a
DSL that averages about 600k (the remote site has a cable connection at 6
3. I need a VPN for two reasons:
a. The remote user needs to print to her house from the host LAN (using
MAS90, a ProvideX-based accounting package), hosted on the DC, to a
multi-function laser printer at the remote office (her house). As I am sure
you are aware, support for many multi-function printers is very shaky or
nonexistent via RDP, so I elected to have the TS print directly to her
IP-based networked printer. This works just fine with no delays.
b. The user needs remote access to both Outlook & shared files hosted on the
server. I know I can leave off the domain membership & just write a batch
file for the user to map the drives (instead of using the AD login script),
but I'm not sure that would be much different.
4. She does run MAS90 via a terminal server at the host site, but I don't
really want to get into trying to license Word & Excel for the terminal
server, and she needs realtime access to those types of files in her home
folder & shared folders on the server.
The bottom line? Everything works fine except the logon process. Internet
access using the DC as her DNS server is perfectly fast; file access from the
DC is slow but adequate. The logon process, though, takes a good five
minutes. At the moment, my first step may just be to get the host site
upgraded to a cable connection at over 1Mb.
Someone told me there is a way to have "authentication lite" for remote
stations to speed up the logon process, but I have been unable to find
anything on this.
Post by Lanwench [MVP - Exchange]
Post by Brian
This is an SBS2003 single-server domain.
I have a problem with a remote workstation. I added it to the domain
when in the office, then moved it to its remote site. It is connected
now via a hardware VPN box at each end. It has a static IP with DNS
pointing to the LAN IP of the server. I can successfully ping the
server (at about 100ms turnaround time per packet) and any other
1. Logon is generally extremely slow when logging onto the domain
(but fast when logging onto a local account) and, in fact, is
entirely failing this morning, so the user cannot log onto the domain.
I don't know how many users/computers you have in this remote location, but
generally speaking, unless you have a huge fat leased line connecting the
two offices (no DSL, no VPN) this isn't going to work well.
It would be a good idea to stick a local DC/DNS/GC box on this network if
you want the users in this location to log into the domain at all. You can
use a cheapo workstation box running Win2k3 server for this purpose.
If you aren't going to have that in place, don't have these workstations
belong to your domain at all. You could install a Terminal Services box in
your main office, and have them access everything on the network that way.
In fact, even if you do install a local DC, note that accessing files across
a VPN connection just plain stinks, most of the time.
Post by Brian
2. I tried to rename the computer (standard method - local logon to
the workstation, then rename, then authenticate to AD when
requested), but I get the "error attempting to rename the computer.
The user name could not be found" error after a couple of minutes.
Don't try that unless your computer has a good, reliable connection to a DC
at the time.