When setting up business laptops (Windows 10) for some of the employees at my current job I'm facing a problem with joining them to our AD domain.
The setup:
- Windows Server AD (on-premises) setup, synchronized with Azure AD via Azure AD Connect.
- Set of company desktop PCs & laptops, joined to the domain.
- A (FortiGate) firewall with VPN access for laptop-wielding employees.
The issue:
Whenever a user tries to log on to a laptop outside the company network - even if they have previously logged on to that laptop inside the network - they are greeted with no desktop and the message that Windows was unable to load the user's desktop at \\companyx.com\dfs\users\m.smith\Desktop from the DFS. That in itself makes sense: if not connected to the network locally or via VPN, companyx.com will not resolve correctly and there's no connection to the DFS. However, if the user chooses to sign in to the laptop via network login, which connects them to the VPN before logging them into Windows, the issue persists. Additionally, even when connected to the VPN, resolving other domain PC names (OTHER-PC-01 or OTHER-PC-01.companyx.com) fails.
What have I tried already:
- I already tried manually changing the DNS server on the laptop's wireless adapter to the IP of the domain controller server, which is what we use inside the network
- I have tried connecting via a separate SSL-VPN client (FortiNet VPN), however as expected that didn't change anything
- Actually browsing the DFS via the file-server's local IP works just fine
Is this an issue with DNS? What else should I be looking at here? The setup itself should work that way, even without connecting to the VPN, via what's been cached, shouldn't it?
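A diagnostic pass that separates the three possible faults in the question (wrong resolver on the VPN adapter, missing DC locator records, blocked ports through the tunnel). This is an added example, not code from the question or any answer; it assumes the domain companyx.com and the DFS root from the error message, and uses a placeholder `<DC-IP>` for the domain controller's internal address. Run it on the laptop while the VPN is connected.

```powershell
# Added diagnostic script (not from the question or its answers).
# Assumes the domain companyx.com from the post; <DC-IP> is a placeholder
# for the internal address of a domain controller and must be replaced.
$Domain  = 'companyx.com'
$DcIp    = '<DC-IP>'                 # placeholder: internal IP of a DC
$DfsPath = "\\$Domain\dfs"           # namespace root from the error message

# 1. Which DNS servers does each active adapter actually use? If the VPN
#    adapter points at a public resolver, the domain and its SRV records
#    will never resolve, no matter what the Wi-Fi adapter is set to.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Can the domain name and the DC locator SRV record be resolved through
#    the normal resolver path? Logon, Kerberos and DFS referrals depend on it.
foreach ($name in @($Domain, "_ldap._tcp.dc._msdcs.$Domain")) {
    $type = if ($name -like '_*') { 'SRV' } else { 'A' }
    try {
        Resolve-DnsName -Name $name -Type $type -ErrorAction Stop |
            Format-Table Name, Type, IPAddress, NameTarget -AutoSize
    } catch {
        Write-Warning "DNS lookup failed for ${name}: $_"
    }
}

# 3. Same query forced at the internal DC: if this succeeds while step 2
#    fails, the record exists and the fault is which resolver the tunnel uses.
Resolve-DnsName -Name $Domain -Server $DcIp -ErrorAction SilentlyContinue

# 4. Is the tunnel passing the ports that DNS, Kerberos, LDAP and SMB need?
foreach ($port in 53, 88, 389, 445) {
    Test-NetConnection -ComputerName $DcIp -Port $port |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}

# 5. Ask the Netlogon client which DC it can locate. Failure here means the
#    laptop never finds a DC and falls back to cached credentials only.
nltest /dsgetdc:$Domain

# 6. The namespace root by DNS name: if the IP path from the question works
#    but this fails, the problem is name resolution, not SMB or DFS itself.
Test-Path $DfsPath
```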