Scan VPN-connected machines?
We have roughly 200 machines total: 70 in the office and 130 laptops in the field. When we set the machines up initially, I like to run a scan on them so that we at least have them in our inventory. However, I'd like to be able to have them scanned when they connect via VPN. I have an auto report that tells us what applications have been installed the day before and then from the last week. Because of the nature of alarm fire technicians and their need to change comm port settings, install new versions of panel programs, etc., administrator privileges are a must on those machines. Unfortunately, this leads to a lot of stuff that gets installed and then three months later, they bring in their machine because it's too slow or has other issues.
We use a Windows Server 2008 R2 as our VPN server. When the client connects, DHCP assigns it an IP address and I can connect to it via admin share and all that. However, PDQ Inventory doesn't see it. Remote repair from the PDQ server to the client fails on all four. Running it on the client to the server, everything is good. Looking at DNS, there is no listing for that machine at the VPN-based IP address, just the one it got the last time it was in the office (and the lease hasn't expired yet). Looking at DHCP, the IP address is assigned to the VPN server, not the client name. So, I'm guessing that's why.
Has anyone been able to get this to work with a similar setup?
Comments
It doesn't give a message. It simply sees the machine as offline (tries to use WOL first) when I run a manual scan on a machine that is connected via VPN.
Maybe try it without ping and WOL. Maybe the ping is not getting forwarded through the VPN or firewall causing PDQ to show it offline and prevent the scanning.
I know how to turn off WOL for the offline policy, but how do I turn off ping?
Here is a screenshot. It could be the ping not getting through the VPN. You should also just try pinging a computer that you know is online using the VPN to see if the pings are getting to the computer and returning. (Check the simple stuff first.)
Ah, I didn't think to go into PDQ Deploy. I guess they're more integrated than I thought! I'll test that in a little bit. Thank you.
That didn't make any difference. Also, I can ping, connect via admin share, etc., to the machine when it's connected. PDQ just doesn't recognize it as online and, thus, is not scanning it.
Hi Len,
I'm not sure how your DHCP/DNS is set up in the scenario. Are you using the DHCP server on the Windows VPN server directly or are you relaying DHCP from your primary DHCP server out to the VPN clients? If it's the latter, you can force clients (sort of) to register DNS by going into the DHCP server, right-click on the scope -> Properties -> DNS tab and select, "Always Dynamically update DNS and PTR records".
If you're not relaying DHCP, you can set up relaying fairly easily by configuring the DHCP Relay Agent. As you have probably gathered, for Inventory to see your machines in order to scan them, the machine needs to either exist in DNS or be accessible via NetBIOS.
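
To confirm the symptom described in this thread (the name still resolving to the old office lease while the client sits on a VPN address), the following check can be run from the inventory server. It is an added example, not part of the original posts or of PDQ's tooling; the host names and addresses are constructed placeholders, and the function name `Test-VpnClientDns` is hypothetical.

```powershell
# Constructed sample input: computer name -> address the VPN server handed out.
$vpnClients = @{
    'LAPTOP-EXAMPLE01' = '10.99.0.21'
    'LAPTOP-EXAMPLE02' = '10.99.0.22'
}

function Test-VpnClientDns {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $VpnAddress
    )

    # Forward lookup: IPv4 addresses the Windows resolver returns for the name.
    # Note the resolver may also answer from NetBIOS/LLMNR, not only DNS.
    $forward = @()
    try {
        $forward = @([System.Net.Dns]::GetHostAddresses($ComputerName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch { }   # name did not resolve at all

    # Reverse lookup: is there a PTR for the VPN address, and whose name is it?
    $reverse = $null
    try { $reverse = [System.Net.Dns]::GetHostEntry($VpnAddress).HostName } catch { }

    if ($forward -contains $VpnAddress) { $status = 'OK' }
    elseif ($forward.Count -gt 0)       { $status = 'StaleRecord' }   # old office lease
    else                                { $status = 'NotRegistered' }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        VpnAddress   = $VpnAddress
        ResolvesTo   = ($forward -join ', ')
        ReverseName  = $reverse
        Status       = $status
    }
}

# Report every VPN client whose name does not resolve to its current VPN address.
$vpnClients.GetEnumerator() |
    ForEach-Object { Test-VpnClientDns -ComputerName $_.Key -VpnAddress $_.Value } |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table ComputerName, VpnAddress, ResolvesTo, ReverseName, Status -AutoSize
```

A `StaleRecord` result matches the situation in the question: the client is reachable by IP, but a scan addressed by name goes to the old office address.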