Might check that Use default gateway on remote network option is checked on VPN connection. Also check the connection uses the 2019 Essentials address listed for DNS.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Problems with Domain Controller authentication over VPN
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 45%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Tomáš Pokorný
1
Reputation point
Hello,
I'm trying to configure an SSTP VPN access to our office network.
The network consists of:
- MikroTik Router (gateway, VPN tunnel)
- Windows Server 2019 Essentials (Domain Controller, DNS, File Server, SQL Server and several other roles) - yes, we only have 1 server, as we only have 3 employees
I managed to get to a point where I can get access to the network, I can ping everything (hostname of the server as well) and I can even access the server via Remote Desktop using Admin credentials.
However, I have problems with accessing various services of the server. Namely:
- Shared Files - When I click on a shared disk, I get this error: "The system cannot contact a domain controller to service the authentication request. Please try again later."
- Trying gpupdate /force via cmd: User Policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \company.com\SysVol\company.com\Policies{CFABC23E-DD6D-4314-A616-A900B203B7E8}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled. - Trying to access a front end application connected to SQL Server: Connection failed: SQL State S1000. SQL Server Error: -2146892976. [Microsoft][ODBC Driver 17 for SQL Server]MAX_PROVS: The system cannot contact a domain controller to service the authentication request. Please try again later
It is driving me nuts. I can browse through my files and looking at SQL Server via Remote Desktop, but at the same time, I can't access the resources directly from my client PC over the VPN.
To state the obvious - everything works perfectly when I'm inside the LAN.
I would greatly appreciate any tips as why this might be happening.
Thanks a lot in advance.
Tomas
Windows for business | Windows Server | User experience | Other
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2022-11-11T09:26:34.913+00:00 -
Tomáš Pokorný 1 Reputation point
2022-11-11T10:51:55.493+00:00 Hi Patrick,
thank you for the tips. I tried the steps but unfortunately without success. This is how it's currently configured:
(sorry for the Czech language there)
This is my CMD:
Isn't it strange that my default gateways indicates 0.0.0.0?
Would you by any chance have another tips that I could try?Thanks a lot.
Tomas -
Tomáš Pokorný 1 Reputation point
2022-11-11T11:17:07.643+00:00 It also might be important to note that the LAN subnet is 192.168.100.0/24 and MikroTik DHCP assigns 192.168.101.100-192.168.101.254 to VPN clients.
Sign in to comment -
-
Anonymous
2022-11-11T18:31:36.017+00:00 A VPN connection is a point-to point connection which emulates a single wire connection so the gateway doesn't really matter. Might also check the ports are flowing between networks.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions
https://www.microsoft.com/en-us/download/details.aspx?id=24009--please don't forget to
upvoteandAccept as answerif the reply is helpful---
Anonymous
2022-11-14T13:16:40.55+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
Tomáš Pokorný 1 Reputation point
2022-11-14T13:18:30.587+00:00 I haven't been able to solve the problem so far. Would you please have any other tips maybe?
-
Anonymous
2022-11-14T13:55:40.197+00:00 Have you confirmed the ports are flowing as mentioned above?
-
Anonymous
2022-11-16T15:56:18.873+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -