[SOLVED] Site to Site VPN

[Mr_IT]

Hi Guys

We have a client who has a site to site VPN and the client has a Hyper-V server that replicates to another server (Both servers aren't in the same location).

The replication works fine however because of the site to site VPN however when I tested the failover no one was able to connect to the replica server.

What do I need to do in order to resolve this issue?

 

[rgd1101]

the replica server should be on the vpn too
contact your DR support?

 

[USAFRet]

What do I need to do in order to resolve this issue?

What to do?
Draw out a detailed diagram of ALL devices and interfaces involved.
Hardware, IP addresses, etc, etc.

That may lead you to find where the problem lies.

 

[Mr_IT]

The primary server is on 192.168.1.x network and the replica server is on 192.168.20.x network. They both communicate with each other fine but the people connected to the 192.168.1.x network can't communicate with the replica server that's on 192.168.20.x network????

 

[bill001g]

Then you have something wrong with the site to site vpn. Either there is something that only routes the traffic for that one server over the VPN or there is some issue with the clients not sending the traffic to the correct router.

There are many ways to design this so there is no simple answer.

In addition there is a huge difference between network connectivity and a back up server function.

Can you ping both servers from end clients. That would confirm your vpn and routing is ok.

When you talk server function you get into all kinds of messy stuff like DNS names etc etc.

 

[Mr_IT]

Thanks for all your answers!!

I have setup a brand new DC and a Remote Desktop Server.
I have created a test account in order to login to the Remote Server.
When I try and login I get an error message - The connection was denied because the user account is not authorized for remote login.
I've created a global security group and called it RDS Users and added the test user to it.
I have purchased CAL licenses and installed them on the Remote Server.

How do I create a group policy so only member in that group can login to the Remote Server??

 

[rgd1101]

add the RDS group to allow remote login to the server

 

[Mr_IT]

Thanks rgd1101.

Users can now login to the remote server however they have too many "options". For example they can see everything in control panel like an admin also they can install a software (yes granted the software asks for admin credentials) however if they don't enter any the software gets installed anyways.

How do I lock all of these "options" down?

 

[rgd1101]

read thru the MS doc
https://docs.microsoft.com/en-us/windows/security/identity